urlscan.io logo urlscan.io
SecurityTrails logo

www.ired.team Open in urlscan Pro
2606:4700::6812:91  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Effective URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Submission Tags: falconsandbox
Submission: On July 09 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 2 countries across 11 domains to perform 53 HTTP transactions. The main IP is 2606:4700::6812:91, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.ired.team.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 27th 2020. Valid for: a year.
This is the only time www.ired.team was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 151.101.65.26 54113 (FASTLY)
21 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
8 2600:1901:0:9... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
53 13
1    2606:4700:3036::ac43:b213 (United States)

ASN13335 (CLOUDFLARENET, US)
ired.team
1    2606:4700::6812:91 (United States)

ASN13335 (CLOUDFLARENET, US)
www.ired.team
1    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6810:7caf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
10    2606:4700::6812:86f (United States)

ASN13335 (CLOUDFLARENET, US)
gstatic.gitbook.com
app.gitbook.com
www.gitbook.com
1    151.101.65.26 (United States)

ASN54113 (FASTLY, US)
polyfill.io
21    2606:4700::6812:96f (United States)

ASN13335 (CLOUDFLARENET, US)
gblobscdn.gitbook.com
2    2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
lh5.googleusercontent.com
2    2a02:26f0:6c00:299::353e (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
docs.microsoft.com
1    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700:3035::6815:327f (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.lr-ingest.io
8    2600:1901:0:94b6:: (Kansas City, United States)

ASN15169 (GOOGLE, US)
gitbook-28427.firebaseio.com
s-usc1c-nss-226.firebaseio.com
3    2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
Domain Requested by
21 gblobscdn.gitbook.com www.ired.team
gstatic.gitbook.com
8 gstatic.gitbook.com www.ired.team
gstatic.gitbook.com
7 s-usc1c-nss-226.firebaseio.com gstatic.gitbook.com
3 www.google-analytics.com gstatic.gitbook.com
2 docs.microsoft.com www.ired.team
2 lh5.googleusercontent.com www.ired.team
gstatic.gitbook.com
1 www.gitbook.com gstatic.gitbook.com
1 gitbook-28427.firebaseio.com gstatic.gitbook.com
1 app.gitbook.com gstatic.gitbook.com
1 cdn.lr-ingest.io gstatic.gitbook.com
1 fonts.gstatic.com fonts.googleapis.com
1 polyfill.io www.ired.team
1 unpkg.com www.ired.team
1 fonts.googleapis.com www.ired.team
1 www.ired.team
1 ired.team 1 redirects
53 16
Subject Issuer Validity Valid
www.ired.team
Cloudflare Inc ECC CA-3		 2020-11-27 -
2021-11-26		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-06-22 -
2021-09-14		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-02 -
2022-07-01		 a year crt.sh
polyfill.io
GlobalSign Atlas R3 DV TLS CA 2020		 2021-06-04 -
2022-07-06		 a year crt.sh
*.googleusercontent.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
docs.microsoft.com
Microsoft RSA TLS CA 01		 2020-10-08 -
2021-10-08		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh
firebaseio.com
GTS CA 1D4		 2021-07-01 -
2021-09-29		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-06-22 -
2021-09-14		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Frame ID: 2966656FBF9C125B06850C2FD64CD478
Requests: 45 HTTP requests in this frame

Frame: https://gitbook-28427.firebaseio.com/.lp?start=t&ser=87295329&cb=1&v=5
Frame ID: C7F4B7517F527E003F31A1741BA1DEF2
Requests: 7 HTTP requests in this frame

Frame: https://s-usc1c-nss-226.firebaseio.com/.lp?dframe=t&id=3344490&pw=yVCcsUaLSM&ns=gitbook-28427
Frame ID: 0C81985C8DDDCE216986DF473B64C924
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studi... HTTP 301
    https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studi... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-react/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /\/polyfill\.min\.js/i

Page Statistics

53
Requests

98 %
HTTPS

92 %
IPv6

11
Domains

16
Subdomains

13
IPs

2
Countries

4401 kB
Transfer

10796 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs HTTP 301
    https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
www.ired.team/offensive-security/defense-evasion/
Redirect Chain
  • https://ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
  • https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
2 MB
430 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e97312a82f9e673fc389788d338041d63a1e5baf9b1a67796e39f3dce7788fe6
Security Headers
Name Value
Content-Security-Policy default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.ired.team
:scheme
https
:path
/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
content-type
text/html; charset=utf-8
cf-ray
66c46db0bb764ec7-FRA
age
54248
cache-control
public, max-age=86400, s-maxage=86400, stale-while-revalidate=3600, stale-if-error=43200
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding, Authorization, Cookie, X-CDN-Host
cf-cache-status
HIT
content-security-policy
default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
function-execution-id
qb0rfqpo8150
referrer-policy
no-referrer-when-downgrade
x-cdn-cache-group
-LFEMnER3fywgFHoroYn
x-cloud-trace-context
6290ab5dc67dc0d14b4e90defaf3426a
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
server
cloudflare
content-encoding
gzip

Redirect headers

date
Fri, 09 Jul 2021 20:51:06 GMT
cache-control
max-age=3600
expires
Fri, 09 Jul 2021 21:51:06 GMT
location
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
cf-request-id
0b2ea2e22200004e613c831000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=A9QA9Jzl5CO32YL8s%2FiW7R%2FzftRGmp7e9bnMkD4YYK6LjmtYbZrsXb098GU4gBdjd6rdxPsEX36DNPjwZtz5uQ9EbeCLcVW2JVaCT%2BG54Rn%2FikNfNQQwABFdQzyvqAX0KeuC"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
66c46db02d094e61-FRA
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
css
fonts.googleapis.com/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6da43a0ac4abcb5bc4b10164a762759e5cc81f37e00033643034a891fb490c82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 09 Jul 2021 20:51:07 GMT
server
ESF
date
Fri, 09 Jul 2021 20:51:07 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 09 Jul 2021 20:51:07 GMT
emojione-sprite-40.min.css
unpkg.com/emojione-assets@4.0.0/sprites/ 		183 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/emojione-assets@4.0.0/sprites/emojione-sprite-40.min.css
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
9415626
vary
Accept-Encoding
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
cloudflare
etag
W/"2dc7c-MlEndlChcp6B66cJCh5yD8CB/Fo"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
e0ac7d85fe9bfe99ddd0e0018c758a56
cache-control
public, max-age=31536000
cf-ray
66c46db10c9d4a6d-FRA
6c3c9dec9383137845be0f0ea2cf1bf4.css
gstatic.gitbook.com/css/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
content-encoding
gzip
cf-cache-status
HIT
age
6767807
cf-polished
origSize=1701
x-guploader-uploadid
ABg5-UwiIdAcAjrmRlFxwdUIs61NAokkry_-iZ807hfyhPF7n05ywV-MhhKGJXAj1nhFXaaZ1Wx1tw1RuwfcZvRBTHA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/css
last-modified
Wed, 07 Apr 2021 08:43:49 GMT
server
cloudflare
etag
W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation
1617785029532093
access-control-allow-origin
*
expires
Thu, 21 Apr 2022 20:23:08 GMT
cache-control
public, max-age=31536000
x-goog-stored-content-length
1701
cf-ray
66c46db12e2d05f1-FRA
cf-bgj
minify
polyfill.min.js
polyfill.io/v3/ 		72 B
537 B 		Script
General
Check archive.org
Download Go to
Full URL
https://polyfill.io/v3/polyfill.min.js?flags=gated&features=Intl
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.26 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
x-content-type-options
nosniff
content-type
text/javascript; charset=utf-8
age
1365369
detected-user-agent
Chrome Mobile/89.0.4389
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length
74
referrer-policy
origin-when-cross-origin
last-modified
Wed, 23 Jun 2021 06:24:19 GMT
date
Fri, 09 Jul 2021 20:51:07 GMT
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
normalized-user-agent
chrome/89.0.0
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png
gblobscdn.gitbook.com/ 		28 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/spaces%2F-LFEMnER3fywgFHoroYn%2Favatar.png?alt=media
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
6703652
x-guploader-uploadid
ABg5-UzTfWJh6V0B0k2lFPabkrMdmvV3nYkpS2yXi96O2qwxzor09DJgESW3o58wiAWT6dRVCB72aizzWA6t6Q6FplW3MkbWYA
x-goog-storage-class
STANDARD
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
29066
last-modified
Sat, 08 Sep 2018 20:00:14 GMT
server
cloudflare
etag
"2965c5f978755802debc0291c5574853"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ALxBKw==, md5=KWXF+Xh1WALevAKRxVdIUw==
x-goog-generation
1536436814766237
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
29066
x-goog-meta-firebasestoragedownloadtokens
1910800b-eed5-42ea-b282-39d0660128fe
accept-ranges
bytes
cf-ray
66c46db11b53dfc3-FRA
expires
Sat, 23 Apr 2022 06:43:34 GMT
photo.jpg
lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 19:03:24 GMT
x-content-type-options
nosniff
age
6463
content-disposition
inline;filename=""
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6707
x-xss-protection
0
server
fife
etag
"v5e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 07 Jul 2021 12:06:53 GMT
111.893452c2.js
gstatic.gitbook.com/js/ 		3 MB
945 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gstatic.gitbook.com/js/111.893452c2.js
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f4e35a0173f90739b719e906fa5c0fd9ca677a310b81fa3803166b22199dbaf

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
content-encoding
gzip
cf-cache-status
HIT
age
718174
cf-polished
origSize=3418601
x-guploader-uploadid
ADPycdvInn5cfJKRTqPsib3bH69-duV8g1fgSEoF6X1vFo0a-ExUeYfG1Ay0wkYyOWivuTvfsXUvkRUYlayhvtV0WhcuQnlBVQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
application/javascript
expires
Fri, 01 Jul 2022 12:51:50 GMT
last-modified
Thu, 01 Jul 2021 12:49:44 GMT
server
cloudflare
etag
W/"a1fb7c720c810beeb460096b48ea8810"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=sVl+rg==, md5=oft8cgyBC+60YAlrSOqIEA==
x-goog-generation
1625143784820545
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
3418601
cf-ray
66c46db1580d2b7d-FRA
cf-bgj
minify
logo-ms-social.png
docs.microsoft.com/en-us/media/logos/ 		449 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
449
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-rendering-stack
Static
last-modified
Tue, 23 Mar 2021 02:10:29 GMT
x-datacenter
wus
date
Fri, 09 Jul 2021 20:51:07 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
image/png
cache-control
public, max-age=1439
etag
"0x8D8EDA0D52AC0F3"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
expires
Fri, 09 Jul 2021 21:15:06 GMT
f4fa50c4003f87e7dc10459e500933c3.woff
gstatic.gitbook.com/fonts/ 		92 KB
93 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://gstatic.gitbook.com/fonts/f4fa50c4003f87e7dc10459e500933c3.woff
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
6702366
x-guploader-uploadid
ABg5-UxyEzdcNSdaJtXWOu_1a_Udqa_IwHrRlOjvAN1WdWLiRwt_LkJphbV5J8YSQYHy5mSn7RZDeP804aUQsKcyUKyG167dEA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
font/woff
content-length
94368
last-modified
Wed, 07 Apr 2021 08:43:49 GMT
server
cloudflare
etag
"f4fa50c4003f87e7dc10459e500933c3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=FUjfEA==, md5=9PpQxAA/h+fcEEWeUAkzww==
x-goog-generation
1617785029592662
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
94368
accept-ranges
bytes
cf-ray
66c46db1a8ce2b7d-FRA
expires
Wed, 20 Apr 2022 06:41:18 GMT
72e37e5bf95a8dba938c78b1d7d91253.woff
gstatic.gitbook.com/fonts/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://gstatic.gitbook.com/fonts/72e37e5bf95a8dba938c78b1d7d91253.woff
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
1888325
x-guploader-uploadid
ABg5-UzGpJvl1DZKDHynFkXDMCOlLpByNyrFzv2A3YTggRb2L6aDrsguhr3X191gds5Wy0b3jZX6DQBjr1LX9vSuVJw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
font/woff
content-length
94040
last-modified
Wed, 07 Apr 2021 08:43:49 GMT
server
cloudflare
etag
"72e37e5bf95a8dba938c78b1d7d91253"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=TBIniA==, md5=cuN+W/lajbqTjHix19kSUw==
x-goog-generation
1617785029573691
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
94040
accept-ranges
bytes
cf-ray
66c46db1a8d32b7d-FRA
expires
Sun, 12 Jun 2022 10:00:50 GMT
fc3d4b35e4d07d4e0485cc2db0e57c77.woff
gstatic.gitbook.com/fonts/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://gstatic.gitbook.com/fonts/fc3d4b35e4d07d4e0485cc2db0e57c77.woff
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2

Request headers

Origin
https://www.ired.team
Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
4921973
x-guploader-uploadid
ABg5-UwGan3w8btTIOf0-1SNEwpK9JOOZoD4LEnV2f8danvAeKtwlLE3CqzpT_qB0OsDZnlApI2ADMahkX2V5j6snsU
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
font/woff
content-length
93788
last-modified
Wed, 07 Apr 2021 08:43:49 GMT
server
cloudflare
etag
"fc3d4b35e4d07d4e0485cc2db0e57c77"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=7TN+QQ==, md5=/D1LNeTQfU4EhcwtsOV8dw==
x-goog-generation
1613469465501597
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=31536000
x-goog-stored-content-length
93788
accept-ranges
bytes
cf-ray
66c46db1b8d52b7d-FRA
expires
Wed, 20 Apr 2022 06:26:20 GMT
HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq.woff2
fonts.gstatic.com/s/sourcecodepro/v14/ 		13 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcecodepro/v14/HI_XiYsKILxRpg3hIP6sJ7fM7PqtzsjDs-cq.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Code+Pro:500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f29cd3a2bdcacf9f9f7285c9b74d89f55634f4d43752d81a48914afa7442eb66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.ired.team
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 05 Jul 2021 22:24:17 GMT
x-content-type-options
nosniff
age
340010
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13540
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 17:51:24 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 05 Jul 2022 22:24:17 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjArc3FHP4Bp0ltWUOF%2Fimage.png
gblobscdn.gitbook.com/ 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjArc3FHP4Bp0ltWUOF%2Fimage.png?alt=media&token=5ff75d70-bcdb-4451-9082-b07ab0e4b6e2
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e7af20bf828f0bef62fdc576b55c1ff6e2fce144321286548e6603f5de5b3c2

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
330544
x-guploader-uploadid
ADPycdt5_v06-LsD2UgJQtJCepA12dFc0HRmCCKEHworBkta8VPJlxWsNvGWIna9njGoI2jwzhtvcOhfJFJtBWfZmJ8
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
42185
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"ca14c741761d2f3e3cd310eb2589cdeb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=VButHw==, md5=yhTHQXYdLz480xDrJYnN6w==
x-goog-generation
1562505597293291
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
42185
x-goog-meta-firebasestoragedownloadtokens
5ff75d70-bcdb-4451-9082-b07ab0e4b6e2
accept-ranges
bytes
cf-ray
66c46db27d60dfc3-FRA
expires
Wed, 06 Jul 2022 01:02:03 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZIlBFPLR4UN-jdL5%2Fimage.png
gblobscdn.gitbook.com/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZIlBFPLR4UN-jdL5%2Fimage.png?alt=media&token=fe38d794-7ef3-429f-946d-097bee5f8565
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7edc4c63b721a6cf081a6f4b9a676d64abb7953ee6bb770f45d0b6a7ca5f1d79

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
330544
x-guploader-uploadid
ADPycdtuKekVBNwuOKT8YMETuVeA_CPx7p4Crj8PU5q1s6HdbkScI86XTTX3HAZoP0fBPiF1Vig2ZfsgEPGVwmwLZmQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
46600
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"fe685c9c5e46f45e0d699f9c1835d3e3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=PXQLdQ==, md5=/mhcnF5G9F4NaZ+cGDXT4w==
x-goog-generation
1562505597085480
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
46600
x-goog-meta-firebasestoragedownloadtokens
fe38d794-7ef3-429f-946d-097bee5f8565
accept-ranges
bytes
cf-ray
66c46db27d65dfc3-FRA
expires
Wed, 06 Jul 2022 01:02:03 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjAypSnABoamJA5qtKP%2Fimage.png
gblobscdn.gitbook.com/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjAypSnABoamJA5qtKP%2Fimage.png?alt=media&token=c3e845dc-f3f0-484b-b9cd-173e5b92c970
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25599a4f79b3b74be393d2a0d55386ed73a28360af4f7b693a75593e8ff36a8b

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
211485
x-guploader-uploadid
ADPycdv-NNUzQ7AnkSOfj8Zytq42RwqPlIvpfZFCgvdJZBJe_XqIOghdGUyc8exYy0NFU3adcDNGD6kdEVUQpIjC5c70Yvc8mA
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
27890
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"9f676533c7e81b9c2aa11bc347c2a2e9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=jIgsaA==, md5=n2dlM8foG5wqoRvDR8Ki6Q==
x-goog-generation
1562505597082428
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
27890
x-goog-meta-firebasestoragedownloadtokens
c3e845dc-f3f0-484b-b9cd-173e5b92c970
accept-ranges
bytes
cf-ray
66c46db27d66dfc3-FRA
expires
Thu, 07 Jul 2022 10:06:22 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZcR2cOj3bna9xZac%2Fimage.png
gblobscdn.gitbook.com/ 		90 KB
91 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZcR2cOj3bna9xZac%2Fimage.png?alt=media&token=59316efd-8f34-4808-b60f-43d2fb36f4b2
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd8421a188c6b000167a66d7397edf18c54c7f18c24e0fe078d7c45aeae84ef4

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
211485
x-guploader-uploadid
ADPycdth1WeErI-Ddeu6O0iWej3O5d3UkLspY-W77_EVj-3JXLNMXlz4yxOLmj-bSuXxwTDcaQ8bDx2fbhPwb5gzilqJ3kHJPg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
92397
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"2b0fd2b58694f79194dbad709c1b407b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=JN5RqQ==, md5=Kw/StYaU95GU261wnBtAew==
x-goog-generation
1562505597695041
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
92397
x-goog-meta-firebasestoragedownloadtokens
59316efd-8f34-4808-b60f-43d2fb36f4b2
accept-ranges
bytes
cf-ray
66c46db27d67dfc3-FRA
expires
Thu, 07 Jul 2022 10:06:22 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbmzimlPcrRQgsuBT%2Fimage.png
gblobscdn.gitbook.com/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbmzimlPcrRQgsuBT%2Fimage.png?alt=media&token=a250b915-a7e2-4760-8183-d576f1482b3d
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f064bc8ed20d75e78805ec7c40459498070952acb3985faca22a35e3c9f78b5

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
330543
x-guploader-uploadid
ADPycdvDRsBOLhAIthjCQdoJTVtvcTpHRVn_5JffxJxArSZtMSBUt6HypHTr6BXy1f7a7_A8AoVnIhIOCIw85VRmx3I
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
9204
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"7e21e93c4eb6c35937cae29ac75c189d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=55IcWA==, md5=fiHpPE62w1k3yuKax1wYnQ==
x-goog-generation
1562507414312028
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
9204
x-goog-meta-firebasestoragedownloadtokens
a250b915-a7e2-4760-8183-d576f1482b3d
accept-ranges
bytes
cf-ray
66c46db27d6adfc3-FRA
expires
Wed, 06 Jul 2022 01:02:04 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbx9pxN_2vbFOEkEZ%2Fimage.png
gblobscdn.gitbook.com/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbx9pxN_2vbFOEkEZ%2Fimage.png?alt=media&token=95617a95-5298-48cf-a2de-f2dcfe881df5
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2069c259c3eef690d62c0d9ca55a89498efbaedeb74b65070513ffbf60df6bb6

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
330543
x-guploader-uploadid
ADPycdt1aREqcs3wyCBTLU30u44Ws3hsyUynCWCz3By6ENpPjAKZqwMh4vdmnIRuRmsYgWZ4j7sKMWslWdybn58vGXQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
28334
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"96ff9af4be090f6f1b9cd6b152632c9f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=NlADyQ==, md5=lv+a9L4JD28bnNaxUmMsnw==
x-goog-generation
1562507414384037
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
28334
x-goog-meta-firebasestoragedownloadtokens
95617a95-5298-48cf-a2de-f2dcfe881df5
accept-ranges
bytes
cf-ray
66c46db27d6bdfc3-FRA
expires
Wed, 06 Jul 2022 01:02:04 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBd_DMd_yudyBgGuWB%2Fimage.png
gblobscdn.gitbook.com/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBd_DMd_yudyBgGuWB%2Fimage.png?alt=media&token=dee1844a-d4b1-4ff9-b234-06b2af94cea2
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0dce5da46efff3e6f2a0becf8686d2a98b52c575e3d23affab7a091d8b27d1f9

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
330542
x-guploader-uploadid
ADPycdtaQ0HKE8W6XS6prXbvtZLSHOxE_QY7ObuSOnXO8yhaxnL3FNvgJZnlLSGaiVathRuGYSqTvt_NVGjD_D8PHLM
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
25134
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"17b7f296cb9b1b39f97ebc9bd1e5f41e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ThmbgQ==, md5=F7fylsubGzn5fryb0eX0Hg==
x-goog-generation
1562507414318112
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
25134
x-goog-meta-firebasestoragedownloadtokens
dee1844a-d4b1-4ff9-b234-06b2af94cea2
accept-ranges
bytes
cf-ray
66c46db27d6cdfc3-FRA
expires
Wed, 06 Jul 2022 01:02:04 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBeB7V-PtWxmKUSdwo%2Fimage.png
gblobscdn.gitbook.com/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBeB7V-PtWxmKUSdwo%2Fimage.png?alt=media&token=6cae38da-10f6-4375-87dd-fa9553be721b
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35167ba1fc4cf1fc06cf5c7d659855729ac71fa694a7cb007ac76d2cf5160883

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
211484
x-guploader-uploadid
ADPycdvqN_TtRwUaAQA1gRzRgLH9nOvHkpi3wG-SQ9KSK3RBzk-5vrzxfahiH8Bzh5afnzNrLwkcogxmvQms1UaPjGw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
19691
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"9202003a2104260df732b0ec0b13b60e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=RFG7fw==, md5=kgIAOiEEJg33MrDsCxO2Dg==
x-goog-generation
1562507414340087
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
19691
x-goog-meta-firebasestoragedownloadtokens
6cae38da-10f6-4375-87dd-fa9553be721b
accept-ranges
bytes
cf-ray
66c46db27d6ddfc3-FRA
expires
Thu, 07 Jul 2022 10:06:22 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgEfj9hapb_G_hQm8%2Fimage.png
gblobscdn.gitbook.com/ 		105 KB
106 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgEfj9hapb_G_hQm8%2Fimage.png?alt=media&token=ba8aab2e-113c-433f-9490-03d371794790
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
395aee6ff583c57a3b9c68837e58ebd3ab82dc69277f22e8532b61fe97ed298c

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
330542
x-guploader-uploadid
ADPycdvjE5tDOuQxmD06iqw6DZadn3YChsk2bjojq52pkaHSGOwSfJKKgFZfBY3TahZSGMvCrSGeUY5xR6DOUFJYILFRxNOAVQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
107667
last-modified
Sun, 07 Jul 2019 13:50:15 GMT
server
cloudflare
etag
"731d9f99b1f900e807fa1627250db841"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=u6c++Q==, md5=cx2fmbH5AOgH+hYnJQ24QQ==
x-goog-generation
1562507415058104
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
107667
x-goog-meta-firebasestoragedownloadtokens
ba8aab2e-113c-433f-9490-03d371794790
accept-ranges
bytes
cf-ray
66c46db27d70dfc3-FRA
expires
Wed, 06 Jul 2022 01:02:04 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgbyzlmx2SIrGuGIk%2Fsyscall-debugging.gif
gblobscdn.gitbook.com/ 		796 KB
797 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgbyzlmx2SIrGuGIk%2Fsyscall-debugging.gif?alt=media&token=a66279aa-f0d6-426c-bfeb-c95c8896aabb
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26229819090dce19bc974819478b2daa7be55f4f7803259b68eb9f6af6587dbe

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
cf-cache-status
HIT
age
330542
x-guploader-uploadid
ADPycdvolZFFOhTR4B5oLZ5kwLu-f1uv6yTM7EoYp9lsxXfq9RSr87bAGkHoECxn7BG4lswouCkI57lTCnzwdGTdviitTMQ_yw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''syscall-debugging.gif
content-type
image/gif
content-length
815106
last-modified
Sun, 07 Jul 2019 13:50:15 GMT
server
cloudflare
etag
"3b64be8009f87c22037997bc714e1d19"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=KWhVFw==, md5=O2S+gAn4fCIDeZe8cU4dGQ==
x-goog-generation
1562507415745379
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
815106
x-goog-meta-firebasestoragedownloadtokens
a66279aa-f0d6-426c-bfeb-c95c8896aabb
accept-ranges
bytes
cf-ray
66c46db27d72dfc3-FRA
expires
Wed, 06 Jul 2022 01:02:05 GMT
logger.min.js
cdn.lr-ingest.io/ 		721 KB
133 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.lr-ingest.io/logger.min.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:327f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66e62ccb828585259b218825517c5c045108d2a2953ae1c53dc3c4188667fae2
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:07 GMT
content-encoding
br
vary
x-fh-requested-host, accept-encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
291
x-cache
HIT
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-served-by
cache-fra19137-FRA
last-modified
Fri, 09 Jul 2021 16:49:19 GMT
server
cloudflare
x-timer
S1625849423.061706,VS0,VE284
etag
W/"918f7015918358182c7dd0d71d85e0125d89245dadc9b08228c999d9d3441dd0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31556926
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jrmJKn7JlHd8pek9cFNi%2BtqpfuR8x4O5Iyb1NUWGLQ%2B7B2amREjva7Wglb%2FAIJgqxj5gfut3E0i3XHp57%2B8X5Jaz7u4ZmvR015qfcS4IiXO4b25JyJRLPlHqUbQeoAFy81oxgbXi%2F2ZwwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
66c46db4395d4a8c-FRA
x-cache-hits
1
__session
app.gitbook.com/ 		52 B
595 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://app.gitbook.com/__session?proposed=07563391-619b-4749-bf2a-212ed36018fcR
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2bbac53f06c53ed59f4a6cab3f36ffcd7a31f5f905e3a516792139f72369be2e

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
x-magic-hash
080ea05ec6a6ae82b827e2b253803cb7031922e7d466a31221bd046e8343b904
x-powered-by
Express
x-cache
MISS
x-release
gitbook-28427-6.25.12
access-control-allow-origin
https://www.ired.team
server
cloudflare
etag
W/"34-cvYtNKJDd0jnTNBRvI1N1ndZyVU"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
via
no cache
x-cloud-trace-context
53a2a129f1fc41ce2942edcf1c2ea738
cache-control
private
access-control-allow-credentials
true
function-execution-id
x1ma7g7pccqe
cf-ray
66c46db6badc05f1-FRA
expires
Fri, 09 Jul 2021 20:51:08 GMT
b568cb0c-fe21-4ec4-9974-5f1f34934141
https://www.ired.team/ 		411 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.ired.team/b568cb0c-fe21-4ec4-9974-5f1f34934141
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aac7f7198d60d841dd42b328275bc0c3275a9640f2b7819c7b6fcd4331f81591

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
420914
.lp
gitbook-28427.firebaseio.com/ Frame C7F4 		422 B
664 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gitbook-28427.firebaseio.com/.lp?start=t&ser=87295329&cb=1&v=5
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
07bbe703e40c89862b363b6b37149e161a26134c6beb75f61f3649cd1ac86889
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 09 Jul 2021 20:51:08 GMT
Server
nginx
Connection
keep-alive
Content-Length
422
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjArc3FHP4Bp0ltWUOF%2Fimage.png
gblobscdn.gitbook.com/ 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjArc3FHP4Bp0ltWUOF%2Fimage.png?alt=media&token=5ff75d70-bcdb-4451-9082-b07ab0e4b6e2
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e7af20bf828f0bef62fdc576b55c1ff6e2fce144321286548e6603f5de5b3c2

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
330545
x-guploader-uploadid
ADPycdt5_v06-LsD2UgJQtJCepA12dFc0HRmCCKEHworBkta8VPJlxWsNvGWIna9njGoI2jwzhtvcOhfJFJtBWfZmJ8
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
42185
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"ca14c741761d2f3e3cd310eb2589cdeb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=VButHw==, md5=yhTHQXYdLz480xDrJYnN6w==
x-goog-generation
1562505597293291
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
42185
x-goog-meta-firebasestoragedownloadtokens
5ff75d70-bcdb-4451-9082-b07ab0e4b6e2
accept-ranges
bytes
cf-ray
66c46dba1b19dfc3-FRA
expires
Wed, 06 Jul 2022 01:02:03 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZIlBFPLR4UN-jdL5%2Fimage.png
gblobscdn.gitbook.com/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZIlBFPLR4UN-jdL5%2Fimage.png?alt=media&token=fe38d794-7ef3-429f-946d-097bee5f8565
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7edc4c63b721a6cf081a6f4b9a676d64abb7953ee6bb770f45d0b6a7ca5f1d79

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
330545
x-guploader-uploadid
ADPycdtuKekVBNwuOKT8YMETuVeA_CPx7p4Crj8PU5q1s6HdbkScI86XTTX3HAZoP0fBPiF1Vig2ZfsgEPGVwmwLZmQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
46600
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"fe685c9c5e46f45e0d699f9c1835d3e3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=PXQLdQ==, md5=/mhcnF5G9F4NaZ+cGDXT4w==
x-goog-generation
1562505597085480
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
46600
x-goog-meta-firebasestoragedownloadtokens
fe38d794-7ef3-429f-946d-097bee5f8565
accept-ranges
bytes
cf-ray
66c46dba1b1edfc3-FRA
expires
Wed, 06 Jul 2022 01:02:03 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjAypSnABoamJA5qtKP%2Fimage.png
gblobscdn.gitbook.com/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjAypSnABoamJA5qtKP%2Fimage.png?alt=media&token=c3e845dc-f3f0-484b-b9cd-173e5b92c970
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25599a4f79b3b74be393d2a0d55386ed73a28360af4f7b693a75593e8ff36a8b

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
211486
x-guploader-uploadid
ADPycdv-NNUzQ7AnkSOfj8Zytq42RwqPlIvpfZFCgvdJZBJe_XqIOghdGUyc8exYy0NFU3adcDNGD6kdEVUQpIjC5c70Yvc8mA
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
27890
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"9f676533c7e81b9c2aa11bc347c2a2e9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=jIgsaA==, md5=n2dlM8foG5wqoRvDR8Ki6Q==
x-goog-generation
1562505597082428
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
27890
x-goog-meta-firebasestoragedownloadtokens
c3e845dc-f3f0-484b-b9cd-173e5b92c970
accept-ranges
bytes
cf-ray
66c46dba1b25dfc3-FRA
expires
Thu, 07 Jul 2022 10:06:22 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZcR2cOj3bna9xZac%2Fimage.png
gblobscdn.gitbook.com/ 		90 KB
91 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjAqJPrVK--o5vqKZl_%2F-LjBZcR2cOj3bna9xZac%2Fimage.png?alt=media&token=59316efd-8f34-4808-b60f-43d2fb36f4b2
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd8421a188c6b000167a66d7397edf18c54c7f18c24e0fe078d7c45aeae84ef4

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
211486
x-guploader-uploadid
ADPycdth1WeErI-Ddeu6O0iWej3O5d3UkLspY-W77_EVj-3JXLNMXlz4yxOLmj-bSuXxwTDcaQ8bDx2fbhPwb5gzilqJ3kHJPg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
92397
last-modified
Sun, 07 Jul 2019 13:19:57 GMT
server
cloudflare
etag
"2b0fd2b58694f79194dbad709c1b407b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=JN5RqQ==, md5=Kw/StYaU95GU261wnBtAew==
x-goog-generation
1562505597695041
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
92397
x-goog-meta-firebasestoragedownloadtokens
59316efd-8f34-4808-b60f-43d2fb36f4b2
accept-ranges
bytes
cf-ray
66c46dba2b29dfc3-FRA
expires
Thu, 07 Jul 2022 10:06:22 GMT
6c3c9dec9383137845be0f0ea2cf1bf4.css
gstatic.gitbook.com/css/ 		1 KB
588 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://gstatic.gitbook.com/css/6c3c9dec9383137845be0f0ea2cf1bf4.css
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
content-encoding
gzip
cf-cache-status
HIT
age
6767808
cf-polished
origSize=1701
x-guploader-uploadid
ABg5-UwiIdAcAjrmRlFxwdUIs61NAokkry_-iZ807hfyhPF7n05ywV-MhhKGJXAj1nhFXaaZ1Wx1tw1RuwfcZvRBTHA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/css
last-modified
Wed, 07 Apr 2021 08:43:49 GMT
server
cloudflare
etag
W/"6c3c9dec9383137845be0f0ea2cf1bf4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=hL62rA==, md5=bDyd7JODE3hFvg8Oos8b9A==
x-goog-generation
1617785029532093
access-control-allow-origin
*
expires
Thu, 21 Apr 2022 20:23:08 GMT
cache-control
public, max-age=31536000
x-goog-stored-content-length
1701
cf-ray
66c46dba3a0005f1-FRA
cf-bgj
minify
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbmzimlPcrRQgsuBT%2Fimage.png
gblobscdn.gitbook.com/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbmzimlPcrRQgsuBT%2Fimage.png?alt=media&token=a250b915-a7e2-4760-8183-d576f1482b3d
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f064bc8ed20d75e78805ec7c40459498070952acb3985faca22a35e3c9f78b5

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
330544
x-guploader-uploadid
ADPycdvDRsBOLhAIthjCQdoJTVtvcTpHRVn_5JffxJxArSZtMSBUt6HypHTr6BXy1f7a7_A8AoVnIhIOCIw85VRmx3I
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
9204
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"7e21e93c4eb6c35937cae29ac75c189d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=55IcWA==, md5=fiHpPE62w1k3yuKax1wYnQ==
x-goog-generation
1562507414312028
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
9204
x-goog-meta-firebasestoragedownloadtokens
a250b915-a7e2-4760-8183-d576f1482b3d
accept-ranges
bytes
cf-ray
66c46dba5bacdfc3-FRA
expires
Wed, 06 Jul 2022 01:02:04 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbx9pxN_2vbFOEkEZ%2Fimage.png
gblobscdn.gitbook.com/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBbx9pxN_2vbFOEkEZ%2Fimage.png?alt=media&token=95617a95-5298-48cf-a2de-f2dcfe881df5
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2069c259c3eef690d62c0d9ca55a89498efbaedeb74b65070513ffbf60df6bb6

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
330544
x-guploader-uploadid
ADPycdt1aREqcs3wyCBTLU30u44Ws3hsyUynCWCz3By6ENpPjAKZqwMh4vdmnIRuRmsYgWZ4j7sKMWslWdybn58vGXQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
28334
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"96ff9af4be090f6f1b9cd6b152632c9f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=NlADyQ==, md5=lv+a9L4JD28bnNaxUmMsnw==
x-goog-generation
1562507414384037
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
28334
x-goog-meta-firebasestoragedownloadtokens
95617a95-5298-48cf-a2de-f2dcfe881df5
accept-ranges
bytes
cf-ray
66c46dba5bb7dfc3-FRA
expires
Wed, 06 Jul 2022 01:02:04 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBd_DMd_yudyBgGuWB%2Fimage.png
gblobscdn.gitbook.com/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBd_DMd_yudyBgGuWB%2Fimage.png?alt=media&token=dee1844a-d4b1-4ff9-b234-06b2af94cea2
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0dce5da46efff3e6f2a0becf8686d2a98b52c575e3d23affab7a091d8b27d1f9

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
330543
x-guploader-uploadid
ADPycdtaQ0HKE8W6XS6prXbvtZLSHOxE_QY7ObuSOnXO8yhaxnL3FNvgJZnlLSGaiVathRuGYSqTvt_NVGjD_D8PHLM
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
25134
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"17b7f296cb9b1b39f97ebc9bd1e5f41e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=ThmbgQ==, md5=F7fylsubGzn5fryb0eX0Hg==
x-goog-generation
1562507414318112
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
25134
x-goog-meta-firebasestoragedownloadtokens
dee1844a-d4b1-4ff9-b234-06b2af94cea2
accept-ranges
bytes
cf-ray
66c46dba7beddfc3-FRA
expires
Wed, 06 Jul 2022 01:02:04 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBeB7V-PtWxmKUSdwo%2Fimage.png
gblobscdn.gitbook.com/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBeB7V-PtWxmKUSdwo%2Fimage.png?alt=media&token=6cae38da-10f6-4375-87dd-fa9553be721b
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35167ba1fc4cf1fc06cf5c7d659855729ac71fa694a7cb007ac76d2cf5160883

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
211485
x-guploader-uploadid
ADPycdvqN_TtRwUaAQA1gRzRgLH9nOvHkpi3wG-SQ9KSK3RBzk-5vrzxfahiH8Bzh5afnzNrLwkcogxmvQms1UaPjGw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
19691
last-modified
Sun, 07 Jul 2019 13:50:14 GMT
server
cloudflare
etag
"9202003a2104260df732b0ec0b13b60e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=RFG7fw==, md5=kgIAOiEEJg33MrDsCxO2Dg==
x-goog-generation
1562507414340087
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
19691
x-goog-meta-firebasestoragedownloadtokens
6cae38da-10f6-4375-87dd-fa9553be721b
accept-ranges
bytes
cf-ray
66c46dba8bfddfc3-FRA
expires
Thu, 07 Jul 2022 10:06:22 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgEfj9hapb_G_hQm8%2Fimage.png
gblobscdn.gitbook.com/ 		105 KB
106 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgEfj9hapb_G_hQm8%2Fimage.png?alt=media&token=ba8aab2e-113c-433f-9490-03d371794790
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
395aee6ff583c57a3b9c68837e58ebd3ab82dc69277f22e8532b61fe97ed298c

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
330543
x-guploader-uploadid
ADPycdvjE5tDOuQxmD06iqw6DZadn3YChsk2bjojq52pkaHSGOwSfJKKgFZfBY3TahZSGMvCrSGeUY5xR6DOUFJYILFRxNOAVQ
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''image.png
content-type
image/png
content-length
107667
last-modified
Sun, 07 Jul 2019 13:50:15 GMT
server
cloudflare
etag
"731d9f99b1f900e807fa1627250db841"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=u6c++Q==, md5=cx2fmbH5AOgH+hYnJQ24QQ==
x-goog-generation
1562507415058104
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
107667
x-goog-meta-firebasestoragedownloadtokens
ba8aab2e-113c-433f-9490-03d371794790
accept-ranges
bytes
cf-ray
66c46dbaac1cdfc3-FRA
expires
Wed, 06 Jul 2022 01:02:04 GMT
assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgbyzlmx2SIrGuGIk%2Fsyscall-debugging.gif
gblobscdn.gitbook.com/ 		796 KB
797 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gblobscdn.gitbook.com/assets%2F-LFEMnER3fywgFHoroYn%2F-LjB_qkyhCQvQXmTWkaq%2F-LjBgbyzlmx2SIrGuGIk%2Fsyscall-debugging.gif?alt=media&token=a66279aa-f0d6-426c-bfeb-c95c8896aabb
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:96f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26229819090dce19bc974819478b2daa7be55f4f7803259b68eb9f6af6587dbe

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
cf-cache-status
HIT
age
330543
x-guploader-uploadid
ADPycdvolZFFOhTR4B5oLZ5kwLu-f1uv6yTM7EoYp9lsxXfq9RSr87bAGkHoECxn7BG4lswouCkI57lTCnzwdGTdviitTMQ_yw
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-disposition
inline; filename*=utf-8''syscall-debugging.gif
content-type
image/gif
content-length
815106
last-modified
Sun, 07 Jul 2019 13:50:15 GMT
server
cloudflare
etag
"3b64be8009f87c22037997bc714e1d19"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=KWhVFw==, md5=O2S+gAn4fCIDeZe8cU4dGQ==
x-goog-generation
1562507415745379
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
815106
x-goog-meta-firebasestoragedownloadtokens
a66279aa-f0d6-426c-bfeb-c95c8896aabb
accept-ranges
bytes
cf-ray
66c46dbabc25dfc3-FRA
expires
Wed, 06 Jul 2022 01:02:05 GMT
.lp
s-usc1c-nss-226.firebaseio.com/ Frame 0C81 		420 B
649 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s-usc1c-nss-226.firebaseio.com/.lp?dframe=t&id=3344490&pw=yVCcsUaLSM&ns=gitbook-28427
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
f215b8ed3e73a7b97f789f661ff3f1b3e245728871eaed3708bc2ae5d72a9f28
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Host
s-usc1c-nss-226.firebaseio.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs

Response headers

Server
nginx
Date
Fri, 09 Jul 2021 20:51:08 GMT
Content-Type
text/html; charset=utf-8
Content-Length
420
Connection
keep-alive
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
.lp
s-usc1c-nss-226.firebaseio.com/ Frame C7F4 		15 B
256 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s-usc1c-nss-226.firebaseio.com/.lp?id=3344490&pw=yVCcsUaLSM&ser=25841499&ns=gitbook-28427
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
3d14e96bd08692f39b357173c908dcb0b21ee11d0bdb29b963ce7fcc836eb4fd
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 09 Jul 2021 20:51:08 GMT
Server
nginx
Connection
keep-alive
Content-Length
15
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
.lp
s-usc1c-nss-226.firebaseio.com/ Frame C7F4 		58 B
299 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s-usc1c-nss-226.firebaseio.com/.lp?id=3344490&pw=yVCcsUaLSM&ser=25841500&ns=gitbook-28427&seg0=0&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MSwiYSI6InMiLCJiIjp7ImMiOnsic2RrLmpzLjctMTQtMSI6MX19fX0.
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
ef824052cc54e24358011a6d1f363813e99264883d6a019f5c98f75e43f78dc9
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 09 Jul 2021 20:51:08 GMT
Server
nginx
Connection
keep-alive
Content-Length
58
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
photo.jpg
lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lh5.googleusercontent.com/-BT5DyX_LUys/AAAAAAAAAAI/AAAAAAAAAF4/wkmG-hKpMQk/photo.jpg
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 19:03:24 GMT
x-content-type-options
nosniff
age
6464
content-disposition
inline;filename=""
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6707
x-xss-protection
0
server
fife
etag
"v5e"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Wed, 07 Jul 2021 12:06:53 GMT
logo-ms-social.png
docs.microsoft.com/en-us/media/logos/ 		449 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://docs.microsoft.com/en-us/media/logos/logo-ms-social.png
Requested by
Host: www.ired.team
URL: https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::353e Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
content-length
449
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
x-rendering-stack
Static
last-modified
Tue, 23 Mar 2021 02:10:29 GMT
x-datacenter
wus
date
Fri, 09 Jul 2021 20:51:08 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type
image/png
cache-control
public, max-age=1438
etag
"0x8D8EDA0D52AC0F3"
akamai-cache-status
Hit from child
request-context
appId=cid-v1:b1c5b6ea-7ff0-41d3-9862-84c5e1dc3be7
expires
Fri, 09 Jul 2021 21:15:06 GMT
/
www.gitbook.com/__amp/ 		7 B
159 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.gitbook.com/__amp/
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 09 Jul 2021 20:51:09 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
access-control-allow-origin
*
strict-transport-security
max-age=15768000
cf-ray
66c46dbbceaa2b7d-FRA
content-length
7
analytics.js
www.google-analytics.com/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 09 Jun 2021 17:36:57 GMT
server
Golfe2
age
5123
date
Fri, 09 Jul 2021 19:25:45 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19661
expires
Fri, 09 Jul 2021 21:25:45 GMT
7f9239ce726764aa22093884902e018d.svg
gstatic.gitbook.com/images/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gstatic.gitbook.com/images/7f9239ce726764aa22093884902e018d.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:08 GMT
content-encoding
gzip
cf-cache-status
HIT
age
8330360
x-guploader-uploadid
ABg5-Uwp2ZHpfP2KRh3gmr5OfeDUxp0R7u-PLsf10qcUQXhVLjI--w_PdPdPrcA3PFb9bG3JCWQm3A0kt0wXHHc68KoZV03s2A
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/svg+xml
last-modified
Fri, 19 Mar 2021 17:17:25 GMT
server
cloudflare
etag
W/"7f9239ce726764aa22093884902e018d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=VnuT0A==, md5=f5I5znJnZKoiCTiEkC4BjQ==
x-goog-generation
1616174245138502
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-goog-stored-content-length
2137
cf-ray
66c46dbc0de505f1-FRA
expires
Mon, 04 Apr 2022 10:51:47 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1295062253&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&dp=%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&ul=en-us&de=UTF-8&dt=Calling%20Syscalls%20Directly%20from%20Visual%20Studio%20to%20Bypass%20AVs%2FEDRs%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=1237980425&gjid=851436652&cid=900053091.1625863869&tid=UA-57505611-10&_gid=239494152.1625863869&_r=1&_slc=1&cd1=-LFEMnER3fywgFHoroYn&cd2=-LFEMnEQwqZOY6DtfrzY&cd3=-Me6ZHRmUENLTClq_y23&cd4=master&cd5=-LjAqSVI10yo-MJuXTts&z=937978252
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 09 Jul 2021 20:51:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ired.team
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j91&a=1295062253&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ired.team%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&dp=%2Foffensive-security%2Fdefense-evasion%2Fusing-syscalls-directly-from-visual-studio-to-bypass-avs-edrs&ul=en-us&de=UTF-8&dt=Calling%20Syscalls%20Directly%20from%20Visual%20Studio%20to%20Bypass%20AVs%2FEDRs%20-%20Red%20Teaming%20Experiments&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAAC~&jid=264057625&gjid=832392482&cid=900053091.1625863869&tid=UA-128974775-1&_gid=239494152.1625863869&_r=1&_slc=1&z=617413149
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 09 Jul 2021 20:51:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ired.team
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
.lp
s-usc1c-nss-226.firebaseio.com/ Frame C7F4 		58 B
299 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s-usc1c-nss-226.firebaseio.com/.lp?id=3344490&pw=yVCcsUaLSM&ser=25841501&ns=gitbook-28427&seg0=1&ts0=1&d0=eyJ0IjoiZCIsImQiOnsiciI6MiwiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRm91dGZsYW5rJTJFbmwlMkZibG9nJTJGMjAxOSUyRjA2JTJGMTklMkZyZWQtdGVhbS10YWN0aWNzLWNvbWJpbmluZy1kaXJlY3Qtc3lzdGVtLWNhbGxzLWFuZC1zcmRpLXRvLWJ5cGFzcy1hdi1lZHIlMkYiLCJkIjp7Im91dGRhdGVkIjp0cnVlfX19fQ..&seg1=2&ts1=1&d1=eyJ0IjoiZCIsImQiOnsiciI6MywiYSI6Im0iLCJiIjp7InAiOiIvZW1iZWRzL2h0dHBzOiUyRiUyRmRvY3MlMkVtaWNyb3NvZnQlMkVjb20lMkZlbi11cyUyRndpbmRvd3MlMkZ3aW4zMiUyRmFwaSUyRndpbnRlcm5sJTJGbmYtd2ludGVybmwtbnRjcmVhdGVmaWxlIiwiZCI6eyJvdXRkYXRlZCI6dHJ1ZX19fX0.&seg2=3&ts2=1&d2=eyJ0IjoiZCIsImQiOnsiciI6NCwiYSI6InEiLCJiIjp7InAiOiIvc3BhY2VzLy1MRkVNbkVSM2Z5d2dGSG9yb1luL3VzZXJQYWdlUmF0aW5ncy8tTGpBcVNWSTEweW8tTUp1WFR0cy8tTWU4blZXc2VsWFVRWkt5ME1ubCIsImgiOiIifX19
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
712d6d4de72cccd1e89edb05c59b37a548fc8b5f5744c09e8b413506ca87cdcb
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 09 Jul 2021 20:51:08 GMT
Server
nginx
Connection
keep-alive
Content-Length
58
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
.lp
s-usc1c-nss-226.firebaseio.com/ Frame C7F4 		102 B
344 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s-usc1c-nss-226.firebaseio.com/.lp?id=3344490&pw=yVCcsUaLSM&ser=25841502&ns=gitbook-28427
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
425819f145ca9b3f9d58b05b06dc4fef7af51bdee0f08e604d8f69d86212a4cc
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 09 Jul 2021 20:51:09 GMT
Server
nginx
Connection
keep-alive
Content-Length
102
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
.lp
s-usc1c-nss-226.firebaseio.com/ Frame C7F4 		47 B
288 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s-usc1c-nss-226.firebaseio.com/.lp?id=3344490&pw=yVCcsUaLSM&ser=25841503&ns=gitbook-28427
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
431270143e9fb062562e977b4e3a627d721bfd1a97e45e87794e2515425f3f60
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 09 Jul 2021 20:51:09 GMT
Server
nginx
Connection
keep-alive
Content-Length
47
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
.lp
s-usc1c-nss-226.firebaseio.com/ Frame C7F4 		38 B
279 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s-usc1c-nss-226.firebaseio.com/.lp?id=3344490&pw=yVCcsUaLSM&ser=25841504&ns=gitbook-28427&seg0=4&ts0=1&d0=eyJ0IjoiYyIsImQiOnsidCI6Im4iLCJkIjp7fX19
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
2600:1901:0:94b6:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
nginx /
Resource Hash
8e9bd0e2d3d483ebc55071a08a6b569aac5da3a6b7d473c4dd7f0288030f8dae
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 09 Jul 2021 20:51:09 GMT
Server
nginx
Connection
keep-alive
Content-Length
38
Strict-Transport-Security
max-age=31556926; includeSubDomains; preload
Content-Type
application/javascript; charset=utf-8
chunk.966.9bcdd26c.js
gstatic.gitbook.com/js/ 		1 MB
136 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://gstatic.gitbook.com/js/chunk.966.9bcdd26c.js
Requested by
Host: gstatic.gitbook.com
URL: https://gstatic.gitbook.com/js/111.893452c2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:86f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb

Request headers

Referer
https://www.ired.team/offensive-security/defense-evasion/using-syscalls-directly-from-visual-studio-to-bypass-avs-edrs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 09 Jul 2021 20:51:13 GMT
content-encoding
gzip
cf-cache-status
HIT
age
8140719
cf-polished
origSize=1540766
x-guploader-uploadid
ABg5-UwpHqO3lEk5fGY24xMrxzKaUmsztOxRaJLPxdyRgqAeFBO9HlwfZkZiK-VlxtbNPv4e6b89Z03c6mD4LNmS6aO9oovXkg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
application/javascript
last-modified
Fri, 19 Mar 2021 17:17:25 GMT
server
cloudflare
etag
W/"1ee0a04f04f79506addc6f9cc9ade2c0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=6ui4QQ==, md5=HuCgTwT3lQat3G+cya3iwA==
x-goog-generation
1616174245205973
access-control-allow-origin
*
expires
Wed, 06 Apr 2022 15:32:34 GMT
cache-control
public, max-age=31536000
x-goog-stored-content-length
1540766
cf-ray
66c46dd81b0d3244-FRA
cf-bgj
minify

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| GITBOOK_STATE object| __LOADABLE_LOADED_CHUNKS__ object| GitBook object| __SENTRY__ function| _lrMutationObserver object| __SDKCONFIG__ number| 2f1acc6c3a606b082e5eef5e54414ffb function| Intercom function| Mousetrap function| setImmediate function| clearImmediate object| Prism object| __algolia object| regeneratorRuntime function| _LRLogger boolean| _lr_loaded function| pLPCommand1 function| pRTLPCB1 boolean| __isReactDndBackendSetUp string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

1 Cookies

Domain/Path Name / Value
.ired.team/ Name: amplitude_id_fef1e872c952688acd962d30aa545b9eired.team
Value: eyJkZXZpY2VJZCI6IjA3NTYzMzkxLTYxOWItNDc0OS1iZjJhLTIxMmVkMzYwMThmY1IiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTYyNTg2Mzg2ODI2NCwibGFzdEV2ZW50VGltZSI6MTYyNTg2Mzg2ODI2NCwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9

1 Console Messages

Source Level URL
Text
console-api log URL: https://gstatic.gitbook.com/js/111.893452c2.js(Line 1)
Message:
Application ready

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' gstatic.gitbook.com *.gitbook-staging.com *.gitbook.com *.firebaseio.com wss://*.firebaseio.com *.cloudfunctions.net *.googleapis.com *.gstatic.com data: *.google.com *.github.com *.algolianet.com *.algolia.net sentry.io *.logrocket.io *.lr-ingest.io *.stripe.com *.clearbit.com *.google-analytics.com d3hb14vkzrxvla.cloudfront.net d1j8pt39hxlh3d.cloudfront.net *.iframe.ly blob: cdn.jsdelivr.net cdnjs.cloudflare.com api.amplitude.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.intercomcdn.com https://intercom.help; script-src 'self' gstatic.gitbook.com 'unsafe-inline' *.firebaseio.com *.google.com polyfill.io cdn.lr-ingest.io cdn.logrocket.io *.stripe.com *.clearbit.com *.google-analytics.com *.iframe.ly *.gstatic.com cdnjs.cloudflare.com *.intercom.io *.intercomcdn.com gitbookio.github.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' gstatic.gitbook.com 'unsafe-inline' fonts.googleapis.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src * data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com; frame-src *; object-src 'none'; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors https:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.gitbook.com
cdn.lr-ingest.io
docs.microsoft.com
fonts.googleapis.com
fonts.gstatic.com
gblobscdn.gitbook.com
gitbook-28427.firebaseio.com
gstatic.gitbook.com
ired.team
lh5.googleusercontent.com
polyfill.io
s-usc1c-nss-226.firebaseio.com
unpkg.com
www.gitbook.com
www.google-analytics.com
www.ired.team
151.101.65.26
2600:1901:0:94b6::
2606:4700:3035::6815:327f
2606:4700:3036::ac43:b213
2606:4700::6810:7caf
2606:4700::6812:86f
2606:4700::6812:91
2606:4700::6812:96f
2a00:1450:4001:80e::2001
2a00:1450:4001:829::200e
2a00:1450:4001:82f::200a
2a00:1450:4001:830::2003
2a02:26f0:6c00:299::353e
07bbe703e40c89862b363b6b37149e161a26134c6beb75f61f3649cd1ac86889
0dce5da46efff3e6f2a0becf8686d2a98b52c575e3d23affab7a091d8b27d1f9
1e7af20bf828f0bef62fdc576b55c1ff6e2fce144321286548e6603f5de5b3c2
1f4e35a0173f90739b719e906fa5c0fd9ca677a310b81fa3803166b22199dbaf
2069c259c3eef690d62c0d9ca55a89498efbaedeb74b65070513ffbf60df6bb6
25599a4f79b3b74be393d2a0d55386ed73a28360af4f7b693a75593e8ff36a8b
26229819090dce19bc974819478b2daa7be55f4f7803259b68eb9f6af6587dbe
2bbac53f06c53ed59f4a6cab3f36ffcd7a31f5f905e3a516792139f72369be2e
2d59b358c254d5467046e6f341825949aafecfe46af27b541fae72850c9fc41f
35167ba1fc4cf1fc06cf5c7d659855729ac71fa694a7cb007ac76d2cf5160883
395aee6ff583c57a3b9c68837e58ebd3ab82dc69277f22e8532b61fe97ed298c
3d14e96bd08692f39b357173c908dcb0b21ee11d0bdb29b963ce7fcc836eb4fd
3e46dc2084ab2945b5af16a2d88abcd6fa7e8aa5ef5a43fc6c83ce561b6c9577
3e692de9565d90dd947a080d4d10cee72a83447ba053e08fdcac457d7197128a
425819f145ca9b3f9d58b05b06dc4fef7af51bdee0f08e604d8f69d86212a4cc
431270143e9fb062562e977b4e3a627d721bfd1a97e45e87794e2515425f3f60
5b08085db82bdd556abf8dfe2c049e433274cd77fe15cadaa1437af9b5e928eb
66e62ccb828585259b218825517c5c045108d2a2953ae1c53dc3c4188667fae2
6da43a0ac4abcb5bc4b10164a762759e5cc81f37e00033643034a891fb490c82
712d6d4de72cccd1e89edb05c59b37a548fc8b5f5744c09e8b413506ca87cdcb
73d6a5ea11fb7bf6e6a6ccd44b1635d52c79b0a00623d0387c9dddd4b7c68e89
7edc4c63b721a6cf081a6f4b9a676d64abb7953ee6bb770f45d0b6a7ca5f1d79
7f064bc8ed20d75e78805ec7c40459498070952acb3985faca22a35e3c9f78b5
863db76a201dedb75ccb6392a1664138cfb5c60d71e2073056db22ca39a56fec
8e9bd0e2d3d483ebc55071a08a6b569aac5da3a6b7d473c4dd7f0288030f8dae
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a18af7799b7d241fe5d00645492ccedcad39815e9f4125b7e3e90b18a1b77405
aac7f7198d60d841dd42b328275bc0c3275a9640f2b7819c7b6fcd4331f81591
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
aee2771f5f57ecf568ffffd5c0d0fee81b7fb2b5540e10d856f2462abdbd5f92
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b87e90677bdbc3c6bc296a368f57b2d72783c1a7c6e8e9325cd1645c18039cf2
bd8421a188c6b000167a66d7397edf18c54c7f18c24e0fe078d7c45aeae84ef4
c5e939d7d3f9c9bfe632d16484c12354fa89a12738f30f738aa81c984e5b9a92
c5ff636c13e4983198fbed7d325d1cbafbe544702de06f5874c46e359ce68b43
e97312a82f9e673fc389788d338041d63a1e5baf9b1a67796e39f3dce7788fe6
ef824052cc54e24358011a6d1f363813e99264883d6a019f5c98f75e43f78dc9
f215b8ed3e73a7b97f789f661ff3f1b3e245728871eaed3708bc2ae5d72a9f28
f29cd3a2bdcacf9f9f7285c9b74d89f55634f4d43752d81a48914afa7442eb66