Analysis

  • max time kernel: 188s
  • max time network: 187s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220112
  • submitted: 10/02/2022, 02:57 UTC

General

  • Target: 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
  • Size: 2.9MB
  • MD5: d54474edd997f5ae1772d45974bd7005
  • SHA1: 1c6dd6518d61df04fe42b4280cbe1c0e62bb352b
  • SHA256: 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57
  • SHA512: e9f187eebdbef0c0b38d01c163c827ed6e6e5fcbe355ac50cded01521425a558f3d090c8b6d1039c760c623ca20432fe830d647428188428761e4b3a75d067f9

Score: 7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up country code configured in the registry, likely geofence.
  • Drops file in Windows directory (1 IoC)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  • Checks processor information in registry (2 TTPs, 2 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Modifies data under HKEY_USERS (45 IoCs)
  • Modifies registry class (21 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
    "C:\Users\Admin\AppData\Local\Temp\475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe"
    1⤵
    PID:2908
    • C:\Users\Admin\AppData\Local\Temp\475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
      "C:\Users\Admin\AppData\Local\Temp\475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe" /SU
      1⤵
      • Checks computer location settings
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3284
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --new-window "http://go.1und1.de/os/win/edge_runonce"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:408
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9bd2046f8,0x7ff9bd204708,0x7ff9bd204718
          3⤵
          PID:452
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7881462317759381813,8669994732358346024,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
          3⤵
          PID:540
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7881462317759381813,8669994732358346024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 /prefetch:3
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2136
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7881462317759381813,8669994732358346024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2460 /prefetch:8
          3⤵
          PID:636
  • C:\Windows\system32\MusNotifyIcon.exe
    %systemroot%\system32\MusNotifyIcon.exe NotifyTrayIcon 13
    1⤵
    • Checks processor information in registry
    PID:3348
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:3164
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3292

            Network

            • flag-us
              DNS
              settings-win.data.microsoft.com
              Remote address:
              8.8.8.8:53
              Request
              settings-win.data.microsoft.com
              IN A
              Response
              settings-win.data.microsoft.com
              IN CNAME
              atm-settingsfe-prod-geo.trafficmanager.net
              atm-settingsfe-prod-geo.trafficmanager.net
              IN CNAME
              settings-prod-eus2-1.eastus2.cloudapp.azure.com
              settings-prod-eus2-1.eastus2.cloudapp.azure.com
              IN A
              52.167.249.196
            • flag-us
              DNS
              settings-win.data.microsoft.com
              Remote address:
              8.8.8.8:53
              Request
              settings-win.data.microsoft.com
              IN A
              Response
              settings-win.data.microsoft.com
              IN CNAME
              atm-settingsfe-prod-geo.trafficmanager.net
              atm-settingsfe-prod-geo.trafficmanager.net
              IN CNAME
              settings-prod-eus2-2.eastus2.cloudapp.azure.com
              settings-prod-eus2-2.eastus2.cloudapp.azure.com
              IN A
              52.167.17.97
            • flag-us
              DNS
              settings-win.data.microsoft.com
              Remote address:
              8.8.8.8:53
              Request
              settings-win.data.microsoft.com
              IN A
              Response
              settings-win.data.microsoft.com
              IN CNAME
              atm-settingsfe-prod-geo.trafficmanager.net
              atm-settingsfe-prod-geo.trafficmanager.net
              IN CNAME
              settings-prod-eus2-1.eastus2.cloudapp.azure.com
              settings-prod-eus2-1.eastus2.cloudapp.azure.com
              IN A
              52.167.249.196
            • flag-us
              DNS
              go.1und1.de
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              8.8.8.8:53
              Request
              go.1und1.de
              IN A
              Response
              go.1und1.de
              IN CNAME
              redir.g-ha-web.de
              redir.g-ha-web.de
              IN A
              82.165.229.87
            • flag-us
              DNS
              dl.1und1.de
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              8.8.8.8:53
              Request
              dl.1und1.de
              IN A
              Response
              dl.1und1.de
              IN CNAME
              dl.1und1.de.edgekey.net
              dl.1und1.de.edgekey.net
              IN CNAME
              e5416.g.akamaiedge.net
              e5416.g.akamaiedge.net
              IN A
              104.80.224.162
            • flag-nl
              GET
              http://dl.1und1.de/backend/ie/hotnews-de-de-2.7.9.xml
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              104.80.224.162:80
              Request
              GET /backend/ie/hotnews-de-de-2.7.9.xml HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Host: dl.1und1.de
              Connection: Keep-Alive
              Response
              HTTP/1.1 301 Moved Permanently
              Location: https://dl.1und1.de/backend/ie/hotnews-de-de-2.7.9.xml
              Server: BigIP
              Content-Length: 0
              Cache-Control: max-age=30170401
              Date: Thu, 10 Feb 2022 03:01:05 GMT
              Connection: keep-alive
            • flag-de
              GET
              http://go.1und1.de/tb/ie_desktop_shortcuts
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              82.165.229.87:80
              Request
              GET /tb/ie_desktop_shortcuts HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Host: go.1und1.de
              Connection: Keep-Alive
              Response
              HTTP/1.1 302 Found
              Date: Thu, 10 Feb 2022 03:01:05 GMT
              Server: Apache
              Pragma: no-cache
              Cache-Control: no-cache
              Location: http://download.1und1.de/backend/ie/ie_desktop_shortcuts
              Content-Length: 240
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
            • flag-de
              GET
              http://go.1und1.de/tb/ie_shop_providers
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              82.165.229.87:80
              Request
              GET /tb/ie_shop_providers HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Host: go.1und1.de
              Connection: Keep-Alive
              Response
              HTTP/1.1 302 Found
              Date: Thu, 10 Feb 2022 03:01:05 GMT
              Server: Apache
              Pragma: no-cache
              Cache-Control: no-cache
              Location: https://suche.1und1.de/starthp?src=go_fallback
              Content-Length: 230
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
            • flag-us
              DNS
              download.1und1.de
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              8.8.8.8:53
              Request
              download.1und1.de
              IN A
              Response
              download.1und1.de
              IN CNAME
              redir.g-ha-1und1.de
              redir.g-ha-1und1.de
              IN A
              82.165.229.152
            • flag-us
              DNS
              suche.1und1.de
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              8.8.8.8:53
              Request
              suche.1und1.de
              IN A
              Response
              suche.1und1.de
              IN CNAME
              suche-rlp.ha-cdn.de
              suche-rlp.ha-cdn.de
              IN A
              82.165.229.23
            • flag-nl
              GET
              https://dl.1und1.de/backend/ie/hotnews-de-de-2.7.9.xml
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              104.80.224.162:443
              Request
              GET /backend/ie/hotnews-de-de-2.7.9.xml HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Connection: Keep-Alive
              Host: dl.1und1.de
              Response
              HTTP/1.1 404 Not Found
              Server: Apache
              Content-Length: 196
              Content-Type: text/html; charset=iso-8859-1
              Cache-Control: max-age=31535923
              Date: Thu, 10 Feb 2022 03:01:11 GMT
              Connection: keep-alive
            • flag-nl
              GET
              https://dl.1und1.de/backend/icons/1und1.ico
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              104.80.224.162:443
              Request
              GET /backend/icons/1und1.ico HTTP/1.1
              Accept: image/vnd.microsoft.icon, image/x-icon
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Host: dl.1und1.de
              Connection: Keep-Alive
              Response
              HTTP/1.1 200 OK
              Server: Apache
              ETag: "2cee-51426dc5c8e14"
              Last-Modified: Mon, 20 Apr 2015 12:13:41 GMT
              X-Robots-Tag: noindex
              Content-Type: image/vnd.microsoft.icon
              Cache-Control: public, max-age=3498
              Date: Thu, 10 Feb 2022 03:01:11 GMT
              Content-Length: 11502
              Connection: keep-alive
            • flag-de
              GET
              https://suche.1und1.de/starthp?src=go_fallback
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              82.165.229.23:443
              Request
              GET /starthp?src=go_fallback HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Connection: Keep-Alive
              Host: suche.1und1.de
              Response
              HTTP/1.1 200 OK
              Date: Thu, 10 Feb 2022 03:01:11 GMT
              Server: Apache
              Set-Cookie: user_locale=US; Path=/
              Content-Type: text/html; charset=utf-8
              Vary: Accept-Encoding
              Accept-Ranges: bytes
              Access-Control-Allow-Methods: GET
              Access-Control-Allow-Origin: *
              Cache-Control: no-store
              Origin: suche.1und1.de
              Pragma: no-cache
              X-Xss-Protection: 0
              Via: 1.1 suche.1und1.de
              Keep-Alive: timeout=5, max=100
              Connection: Keep-Alive
              Transfer-Encoding: chunked
              Set-Cookie: XSRF-TOKEN=32dd2836fa8938cde6e3ee30cf14cd1a;Path=/;Secure
              Strict-Transport-Security: max-age=31536000; includeSubDomains
            • flag-de
              GET
              http://download.1und1.de/backend/ie/ie_desktop_shortcuts
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              82.165.229.152:80
              Request
              GET /backend/ie/ie_desktop_shortcuts HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Connection: Keep-Alive
              Host: download.1und1.de
              Response
              HTTP/1.1 301 Moved Permanently
              Date: Thu, 10 Feb 2022 03:01:06 GMT
              Server: Apache
              Location: https://dl.1und1.de//backend/ie/ie_desktop_shortcuts
              Content-Length: 260
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
            • flag-nl
              GET
              https://dl.1und1.de//backend/ie/ie_desktop_shortcuts
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              104.80.224.162:443
              Request
              GET //backend/ie/ie_desktop_shortcuts HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Connection: Keep-Alive
              Host: dl.1und1.de
              Response
              HTTP/1.1 200 OK
              Server: Apache
              ETag: "ef-5531745323625"
              Last-Modified: Thu, 29 Jun 2017 11:04:53 GMT
              X-Robots-Tag: noindex
              Cache-Control: public, max-age=3554
              Date: Thu, 10 Feb 2022 03:01:11 GMT
              Content-Length: 239
              Connection: keep-alive
            • flag-us
              DNS
              ocsp.telesec.de
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              8.8.8.8:53
              Request
              ocsp.telesec.de
              IN A
              Response
              ocsp.telesec.de
              IN A
              80.158.50.254
              ocsp.telesec.de
              IN A
              80.158.61.91
              ocsp.telesec.de
              IN A
              80.158.59.63
              ocsp.telesec.de
              IN A
              217.170.186.122
              ocsp.telesec.de
              IN A
              217.170.186.111
            • flag-de
              GET
              http://ocsp.telesec.de/ocspr/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTFx4BvOw7Ixax9%2BP2ZItzIsVvQvwQUv1kgNgB5oKAia4zV8mHSuCzLgkoCCH45x60d2fBD
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              80.158.50.254:80
              Request
              GET /ocspr/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTFx4BvOw7Ixax9%2BP2ZItzIsVvQvwQUv1kgNgB5oKAia4zV8mHSuCzLgkoCCH45x60d2fBD HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: ocsp.telesec.de
              Response
              HTTP/1.1 200 OK
              Date: Thu, 10 Feb 2022 03:01:11 GMT
              Server: Apache
              Cache-Control: must-revalidate,no-cache,no-store
              Content-Type: application/ocsp-response
              Content-Length: 1481
              Connection: close
            • flag-us
              DNS
              ocsp.serverpass.telesec.de
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              8.8.8.8:53
              Request
              ocsp.serverpass.telesec.de
              IN A
              Response
              ocsp.serverpass.telesec.de
              IN A
              80.158.50.254
              ocsp.serverpass.telesec.de
              IN A
              80.158.59.63
              ocsp.serverpass.telesec.de
              IN A
              80.158.61.91
              ocsp.serverpass.telesec.de
              IN A
              217.170.186.122
              ocsp.serverpass.telesec.de
              IN A
              217.170.186.111
            • flag-de
              GET
              http://ocsp.serverpass.telesec.de/ocspr/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT66Lqmxf42hHuY8hKFZzVwT4YoDAQUlMh0RvU6tEZIJvgryjQeViYEEgACEA390hO8ff9jnvoFNBYch9M%3D
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              80.158.50.254:80
              Request
              GET /ocspr/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT66Lqmxf42hHuY8hKFZzVwT4YoDAQUlMh0RvU6tEZIJvgryjQeViYEEgACEA390hO8ff9jnvoFNBYch9M%3D HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              User-Agent: Microsoft-CryptoAPI/10.0
              Host: ocsp.serverpass.telesec.de
              Response
              HTTP/1.1 200 OK
              Date: Thu, 10 Feb 2022 03:01:11 GMT
              Server: Apache
              Cache-Control: must-revalidate,no-cache,no-store
              Content-Type: application/ocsp-response
              Content-Length: 1583
              Connection: close
            • flag-nl
              GET
              http://dl.1und1.de/backend/ie/hotnews-de-de.xml
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              104.80.224.162:80
              Request
              GET /backend/ie/hotnews-de-de.xml HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Host: dl.1und1.de
              Connection: Keep-Alive
              Response
              HTTP/1.1 301 Moved Permanently
              Location: https://dl.1und1.de/backend/ie/hotnews-de-de.xml
              Server: BigIP
              Content-Length: 0
              Cache-Control: max-age=21801001
              Date: Thu, 10 Feb 2022 03:01:11 GMT
              Connection: keep-alive
            • flag-nl
              GET
              https://dl.1und1.de/backend/ie/hotnews-de-de.xml
              475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe
              Remote address:
              104.80.224.162:443
              Request
              GET /backend/ie/hotnews-de-de.xml HTTP/1.1
              Accept: application/xml
              User-Agent: 1und1 MailCheck/2.7.9 (Windows NT 10.0; Win64; x64)
              Connection: Keep-Alive
              Host: dl.1und1.de
              Response
              HTTP/1.1 200 OK
              Last-Modified: Wed, 04 Jan 2017 19:13:02 GMT
              ETag: "231-5454992df1f5b"
              Server: Apache
              X-Robots-Tag: noindex
              Content-Type: application/xml
              Cache-Control: public, max-age=2144
              Date: Thu, 10 Feb 2022 03:01:11 GMT
              Content-Length: 561
              Connection: keep-alive
            • flag-us
              DNS
              settings-win.data.microsoft.com
              Remote address:
              8.8.8.8:53
              Request
              settings-win.data.microsoft.com
              IN A
              Response
              settings-win.data.microsoft.com
              IN CNAME
              atm-settingsfe-prod-geo.trafficmanager.net
              atm-settingsfe-prod-geo.trafficmanager.net
              IN CNAME
              settings-prod-eus2-1.eastus2.cloudapp.azure.com
              settings-prod-eus2-1.eastus2.cloudapp.azure.com
              IN A
              52.167.249.196
            • flag-us
              DNS
              geo.prod.do.dsp.mp.microsoft.com
              NetworkService
              Remote address:
              8.8.8.8:53
              Request
              geo.prod.do.dsp.mp.microsoft.com
              IN A
              Response
              geo.prod.do.dsp.mp.microsoft.com
              IN CNAME
              geo.prod.do.dsp.trafficmanager.net
              geo.prod.do.dsp.trafficmanager.net
              IN CNAME
              array805.prod.do.dsp.mp.microsoft.com
              array805.prod.do.dsp.mp.microsoft.com
              IN A
              52.143.80.209
            • flag-us
              DNS
              kv801.prod.do.dsp.mp.microsoft.com
              NetworkService
              Remote address:
              8.8.8.8:53
              Request
              kv801.prod.do.dsp.mp.microsoft.com
              IN A
              Response
              kv801.prod.do.dsp.mp.microsoft.com
              IN CNAME
              kv801.prod.do.dsp.mp.microsoft.com.edgekey.net
              kv801.prod.do.dsp.mp.microsoft.com.edgekey.net
              IN CNAME
              e12437.g.akamaiedge.net
              e12437.g.akamaiedge.net
              IN A
              184.29.205.60
            • flag-nl
              GET
              https://kv801.prod.do.dsp.mp.microsoft.com/all?doClientVersion=10.0.19041.1266&countryCode=US&profile=256&CacheId=1
              NetworkService
              Remote address:
              184.29.205.60:443
              Request
              GET /all?doClientVersion=10.0.19041.1266&countryCode=US&profile=256&CacheId=1 HTTP/1.1
              Connection: Keep-Alive
              Accept: */*
              Accept-Encoding: gzip, deflate
              User-Agent: Microsoft-Delivery-Optimization/10.0
              MS-CV: fvwt2NVPlUqUD1hH.2.1.1
              Content-Length: 0
              Host: kv801.prod.do.dsp.mp.microsoft.com
              Response
              HTTP/1.1 200 OK
              Content-Type: text/json
              Server: Microsoft-IIS/10.0
              X-AspNet-Version: 4.0.30319
              X-Powered-By: ASP.NET
              Vary: Accept-Encoding
              Content-Encoding: gzip
              Content-Length: 808
              Cache-Control: max-age=52
              Date: Thu, 10 Feb 2022 03:01:35 GMT
              Connection: keep-alive
            • flag-us
              DNS
              nav.smartscreen.microsoft.com
              msedge.exe
              Remote address:
              8.8.8.8:53
              Request
              nav.smartscreen.microsoft.com
              IN A
              Response
              nav.smartscreen.microsoft.com
              IN CNAME
              wd-prod-ss.trafficmanager.net
              wd-prod-ss.trafficmanager.net
              IN CNAME
              wd-prod-ss-us-east-1-fe.eastus.cloudapp.azure.com
              wd-prod-ss-us-east-1-fe.eastus.cloudapp.azure.com
              IN A
              20.81.51.95
            • flag-us
              POST
              https://nav.smartscreen.microsoft.com/api/browser/edge/actions
              msedge.exe
              Remote address:
              20.81.51.95:443
              Request
              POST /api/browser/edge/actions HTTP/1.1
              Connection: Keep-Alive
              Content-Type: application/json
              Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiYmtad20vZlFrMDg9Iiwia2V5IjoiaWNzZFVUNHZCY2xZSklRclF5d1ZIUT09In0=
              User-Agent: SmartScreen/281479409565696
              Content-Length: 1272
              Host: nav.smartscreen.microsoft.com
              Response
              HTTP/1.1 200 OK
              Cache-Control: max-age=0, private
              Content-Length: 2051
              Content-Type: application/json; charset=utf-8
              Server: Microsoft-HTTPAPI/2.0
              X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,ServiceAdhocDetonate,serviceClientModelDetonate,servicePhishDetonate,servicePhishDetonateLegacy,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
              Date: Thu, 10 Feb 2022 03:01:46 GMT
              Connection: close
            • flag-us
              DNS
              smartscreen-prod.microsoft.com
              msedge.exe
              Remote address:
              8.8.8.8:53
              Request
              smartscreen-prod.microsoft.com
              IN A
              Response
              smartscreen-prod.microsoft.com
              IN CNAME
              wd-prod-ss.trafficmanager.net
              wd-prod-ss.trafficmanager.net
              IN CNAME
              wd-prod-ss-us-east-2-fe.eastus.cloudapp.azure.com
              wd-prod-ss-us-east-2-fe.eastus.cloudapp.azure.com
              IN A
              20.81.52.156
            • flag-us
              POST
              https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings
              msedge.exe
              Remote address:
              20.81.52.156:443
              Request
              POST /api/browser/edge/data/settings HTTP/1.1
              Connection: Keep-Alive
              Content-Type: application/json; charset=utf-8
              Accept: application/x-patch-bsdiff, application/octet-stream
              Authorization: SmartScreenHash eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQiLCJoYXNoIjoiYmtad20vZlFrMDg9Iiwia2V5IjoiaWNzZFVUNHZCY2xZSklRclF5d1ZIUT09In0=
              If-None-Match: "2.0-0"
              User-Agent: SmartScreen/281479409565696
              Content-Length: 1272
              Host: smartscreen-prod.microsoft.com
              Response
              HTTP/1.1 200 OK
              Content-Length: 129085
              Content-Type: application/octet-stream
              ETag: "2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1"
              Server: Microsoft-HTTPAPI/2.0
              X-SmartScreen-Flight-Vector: EnableNsHumorMatch,enableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,isCurfTstEnabled,isNpPIOverrideBlockEnabled,ListApiE5V2Enabled,npSettings2004,ServiceAdhocDetonate,serviceClientModelDetonate,servicePhishDetonate,servicePhishDetonateLegacy,SrcEOPEnabled,topTrafficV2Enabled,UpdateOnMissingEtagEnabled,updateSigningCert,updateSigningCertForRS3RS4
              Date: Thu, 10 Feb 2022 03:01:47 GMT
              Connection: close
            • flag-us
              GET
              https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22IICLQzIHSHofpfdgZrDul8PdJyn3U%2FUW3kYLrLVpro8%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-99770-6-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-2-18%2CP-R-69385-1-5%2CP-R-68026-7-37%2CP-R-68490-1-3%2CP-R-68172-1-4%2CP-R-68175-1-6%2CP-R-68176-3-8%2CP-R-68179-1-3%2CP-R-68187-2-33%2CP-R-68189-1-7%2CP-R-68191-2-8%2CP-R-68192-2-8%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Atrue%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Atrue%2C%22ServicePhishDetonateLegacy%22%3Atrue%2C%22ServiceAdhocDetonate%22%3Atrue%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D
              msedge.exe
              Remote address:
              20.81.52.156:443
              Request
              GET /windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22IICLQzIHSHofpfdgZrDul8PdJyn3U%2FUW3kYLrLVpro8%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-99770-6-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-2-18%2CP-R-69385-1-5%2CP-R-68026-7-37%2CP-R-68490-1-3%2CP-R-68172-1-4%2CP-R-68175-1-6%2CP-R-68176-3-8%2CP-R-68179-1-3%2CP-R-68187-2-33%2CP-R-68189-1-7%2CP-R-68191-2-8%2CP-R-68192-2-8%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Atrue%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Atrue%2C%22ServicePhishDetonateLegacy%22%3Atrue%2C%22ServiceAdhocDetonate%22%3Atrue%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D HTTP/1.1
              Connection: Keep-Alive
              Accept: application/x-patch-bsdiff, application/octet-stream
              Authorization: SmartScreenPlain eyJhdXRoSWQiOiIzODFkZGQxZS1lNjAwLTQyZGUtOTRlZC04YzM0YmY3M2YxNmQifQ==
              If-None-Match: "170540185939602997400506234197983529371"
              User-Agent: SmartScreen/281479409565696
              Host: smartscreen-prod.microsoft.com
              Response
              HTTP/1.1 200 OK
              Cache-Control: max-age=86400
              Content-Length: 461072
              Content-Type: application/octet-stream
              ETag: "637786431098503299"
              Server: Microsoft-HTTPAPI/2.0
              X-SmartScreen-Flight-Vector: EnableNsHumorMatch,EnableProxyLeniency,IsArsFmsIntegrationEnabled,IsCurfId0LoggingEnabled,IsNpPIOverrideBlockEnabled,ListApiE5V2Enabled,NpSettings2004,ServiceAdhocDetonate,ServiceClientModelDetonate,ServicePhishDetonate,ServicePhishDetonateLegacy,SrcEOPEnabled,TopTrafficV2Enabled,UpdateOnMissingEtagEnabled,UpdateSigningCert,UpdateSigningCertForRS3RS4
              Date: Thu, 10 Feb 2022 03:01:47 GMT
              Connection: close
            • [US] DNS
              dns.google
              msedge.exe
              Remote address:
              8.8.8.8:53
              Request
              dns.google
              IN A
              Response
              dns.google
              IN A
              8.8.4.4
              dns.google
              IN A
              8.8.8.8
            Flows (address | domain or URL | protocol | process | sent bytes (packets) / received bytes (packets)):
            • 52.167.17.97:443 | sent 260 B (5 pkts)
            • 20.190.159.136:443 | sent 260 B (5 pkts)
            • 20.190.159.136:443 | sent 260 B (5 pkts)
            • 20.190.159.136:443 | sent 260 B (5 pkts)
            • 20.190.159.136:443 | sent 260 B (5 pkts)
            • 52.167.249.196:443 | settings-win.data.microsoft.com | tls, https | sent 1.6kB (12 pkts) / received 4.4kB (10 pkts)
            • 52.167.249.196:443 | settings-win.data.microsoft.com | tls, https | sent 2.0kB (16 pkts) / received 14.9kB (18 pkts)
            • 52.167.249.196:443 | settings-win.data.microsoft.com | tls, https | sent 1.3kB (14 pkts) / received 8.1kB (14 pkts)
            • 52.167.17.97:443 | settings-win.data.microsoft.com | sent 260 B (5 pkts)
            • 52.167.249.196:443 | settings-win.data.microsoft.com | tls, https | sent 2.6kB (15 pkts) / received 8.0kB (15 pkts)
            • 52.167.249.196:443 | settings-win.data.microsoft.com | tls, https | sent 2.6kB (15 pkts) / received 8.0kB (15 pkts)
            • 104.80.224.162:80 | http://dl.1und1.de/backend/ie/hotnews-de-de-2.7.9.xml | http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 461 B (6 pkts) / received 400 B (4 pkts)
              HTTP: GET http://dl.1und1.de/backend/ie/hotnews-de-de-2.7.9.xml -> 301
            • 82.165.229.87:80 | http://go.1und1.de/tb/ie_desktop_shortcuts | http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 450 B (6 pkts) / received 723 B (5 pkts)
              HTTP: GET http://go.1und1.de/tb/ie_desktop_shortcuts -> 302
            • 82.165.229.87:80 | http://go.1und1.de/tb/ie_shop_providers | http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 447 B (6 pkts) / received 703 B (5 pkts)
              HTTP: GET http://go.1und1.de/tb/ie_shop_providers -> 302
            • 104.80.224.162:443 | https://dl.1und1.de/backend/icons/1und1.ico | tls, http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 1.7kB (21 pkts) / received 17.6kB (20 pkts)
              HTTP: GET https://dl.1und1.de/backend/ie/hotnews-de-de-2.7.9.xml -> 404
              HTTP: GET https://dl.1und1.de/backend/icons/1und1.ico -> 200
            • 82.165.229.23:443 | https://suche.1und1.de/starthp?src=go_fallback | tls, http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 3.9kB (74 pkts) / received 89.2kB (73 pkts)
              HTTP: GET https://suche.1und1.de/starthp?src=go_fallback -> 200
            • 82.165.229.152:80 | http://download.1und1.de/backend/ie/ie_desktop_shortcuts | http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 464 B (6 pkts) / received 708 B (5 pkts)
              HTTP: GET http://download.1und1.de/backend/ie/ie_desktop_shortcuts -> 301
            • 104.80.224.162:443 | https://dl.1und1.de//backend/ie/ie_desktop_shortcuts | tls, http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 1.1kB (14 pkts) / received 5.6kB (12 pkts)
              HTTP: GET https://dl.1und1.de//backend/ie/ie_desktop_shortcuts -> 200
            • 80.158.50.254:80 | http://ocsp.telesec.de/ocspr/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTFx4BvOw7Ixax9%2BP2ZItzIsVvQvwQUv1kgNgB5oKAia4zV8mHSuCzLgkoCCH45x60d2fBD | http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 500 B (6 pkts) / received 1.9kB (6 pkts)
              HTTP: GET http://ocsp.telesec.de/ocspr/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTFx4BvOw7Ixax9%2BP2ZItzIsVvQvwQUv1kgNgB5oKAia4zV8mHSuCzLgkoCCH45x60d2fBD -> 200
            • 80.158.50.254:80 | http://ocsp.serverpass.telesec.de/ocspr/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT66Lqmxf42hHuY8hKFZzVwT4YoDAQUlMh0RvU6tEZIJvgryjQeViYEEgACEA390hO8ff9jnvoFNBYch9M%3D | http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 523 B (6 pkts) / received 2.0kB (6 pkts)
              HTTP: GET http://ocsp.serverpass.telesec.de/ocspr/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT66Lqmxf42hHuY8hKFZzVwT4YoDAQUlMh0RvU6tEZIJvgryjQeViYEEgACEA390hO8ff9jnvoFNBYch9M%3D -> 200
            • 104.80.224.162:80 | http://dl.1und1.de/backend/ie/hotnews-de-de.xml | http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 455 B (6 pkts) / received 394 B (4 pkts)
              HTTP: GET http://dl.1und1.de/backend/ie/hotnews-de-de.xml -> 301
            • 104.80.224.162:443 | https://dl.1und1.de/backend/ie/hotnews-de-de.xml | tls, http | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 1.0kB (11 pkts) / received 5.8kB (10 pkts)
              HTTP: GET https://dl.1und1.de/backend/ie/hotnews-de-de.xml -> 200
            • 52.167.249.196:443 | settings-win.data.microsoft.com | tls, https | sent 2.0kB (12 pkts) / received 4.4kB (10 pkts)
            • 52.143.80.209:443 | geo.prod.do.dsp.mp.microsoft.com | tls, https | NetworkService | sent 1.2kB (12 pkts) / received 3.5kB (9 pkts)
            • 184.29.205.60:443 | https://kv801.prod.do.dsp.mp.microsoft.com/all?doClientVersion=10.0.19041.1266&countryCode=US&profile=256&CacheId=1 | tls, http | NetworkService | sent 1.0kB (8 pkts) / received 7.7kB (11 pkts)
              HTTP: GET https://kv801.prod.do.dsp.mp.microsoft.com/all?doClientVersion=10.0.19041.1266&countryCode=US&profile=256&CacheId=1 -> 200
            • 127.0.0.1:5985
            • 20.81.51.95:443 | https://nav.smartscreen.microsoft.com/api/browser/edge/actions | tls, http | msedge.exe | sent 2.6kB (12 pkts) / received 10.3kB (11 pkts)
              HTTP: POST https://nav.smartscreen.microsoft.com/api/browser/edge/actions -> 200
            • 20.81.52.156:443 | https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings | tls, http | msedge.exe | sent 4.7kB (55 pkts) / received 141.1kB (99 pkts)
              HTTP: POST https://smartscreen-prod.microsoft.com/api/browser/edge/data/settings -> 200
            • 20.81.52.156:443 | https://smartscreen-prod.microsoft.com/windows/browser/edge/data/toptraffic?pushCert=false&os=10.0.19041.1288.vb_release&flight=%7B%22ETag%22%3A%22%5C%22IICLQzIHSHofpfdgZrDul8PdJyn3U%2FUW3kYLrLVpro8%3D%5C%22%22%2C%22Ids%22%3A%5B%22P-R-99770-6-31%2CP-R-86682-4-37%2CP-R-73000-8-25%2CP-R-72999-9-23%2CP-R-70204-2-18%2CP-R-69385-1-5%2CP-R-68026-7-37%2CP-R-68490-1-3%2CP-R-68172-1-4%2CP-R-68175-1-6%2CP-R-68176-3-8%2CP-R-68179-1-3%2CP-R-68187-2-33%2CP-R-68189-1-7%2CP-R-68191-2-8%2CP-R-68192-2-8%2CP-R-68306-1-20%2CP-R-68307-1-3%2CP-D-68194-1-2%22%5D%2C%22Settings%22%3A%7B%22Names%22%3Anull%2C%22Ring%22%3A0%2C%22Models%22%3Anull%2C%22ServiceClientModelDetonate%22%3Atrue%2C%22WdsiFeedback%22%3Afalse%2C%22NPFeedbackUriOverride%22%3Anull%2C%22NetworkFilterDetonate%22%3Afalse%2C%22ServicePhishDetonate%22%3Atrue%2C%22ServicePhishDetonateLegacy%22%3Atrue%2C%22ServiceAdhocDetonate%22%3Atrue%2C%22NpSettings2004%22%3Atrue%2C%22UpdateSigningCert%22%3Atrue%2C%22UpdateSigningCertForRS3RS4%22%3Atrue%2C%22NpSettings2004Value%22%3A0%2C%22IsCOCOBlockEnabled%22%3Afalse%2C%22NpIpBlockOverrideValue%22%3A0%2C%22TopTrafficV2Enabled%22%3Atrue%2C%22ListApiE5V2Enabled%22%3Atrue%2C%22IsNpPIOverrideBlockEnabled%22%3Atrue%2C%22TopTrafficV2MobileFlightEnabled%22%3Afalse%2C%22BloomFilterDeltaFlag%22%3A1%2C%22SrcEOPEnabled%22%3Atrue%2C%22IsCurfId0LoggingEnabled%22%3Atrue%2C%22IsCurfId0BlockingEnabled%22%3Afalse%2C%22UpdateOnMissingEtagEnabled%22%3Atrue%2C%22EnableProxyLeniency%22%3Atrue%2C%22IsArsFmsIntegrationEnabled%22%3Atrue%2C%22EnableNsHumorMatch%22%3Atrue%2C%22ApplyNsHumorVerdict%22%3Afalse%2C%22EnableNpSkipNonWeb%22%3Afalse%2C%22MTDThrottleFactor%22%3A0.0%2C%22UnsilenceModelGuid%22%3Anull%7D%7D | tls, http | msedge.exe | sent 10.2kB (169 pkts) / received 482.7kB (326 pkts)
              HTTP: GET (the toptraffic URL above) -> 200
            • 8.8.4.4:443 | dns.google | tls | msedge.exe | sent 747 B (5 pkts) / received 5.1kB (6 pkts)
            • 8.8.4.4:443 | dns.google | tls | msedge.exe | sent 747 B (5 pkts) / received 5.1kB (6 pkts)
            • 8.8.4.4:443 | dns.google | tls | msedge.exe | sent 747 B (5 pkts) / received 5.1kB (6 pkts)
            • 8.8.4.4:443 | dns.google | tls | msedge.exe | sent 747 B (5 pkts) / received 5.1kB (6 pkts)
            • 8.8.4.4:443 | dns.google | tls | msedge.exe | sent 747 B (5 pkts) / received 5.1kB (6 pkts)
            • 8.8.4.4:443 | dns.google | tls | msedge.exe | sent 747 B (5 pkts) / received 5.1kB (6 pkts)
            • 8.8.4.4:443 | dns.google | tls | msedge.exe | sent 747 B (5 pkts) / received 5.1kB (6 pkts)
            • 8.8.4.4:443 | dns.google | tls | msedge.exe | sent 747 B (5 pkts) / received 5.1kB (6 pkts)
            • 8.8.8.8:53 | settings-win.data.microsoft.com | dns | sent 77 B (1 pkt) / received 207 B (1 pkt)
              DNS: settings-win.data.microsoft.com -> 52.167.249.196
            • 8.8.8.8:53 | settings-win.data.microsoft.com | dns | sent 77 B (1 pkt) / received 207 B (1 pkt)
              DNS: settings-win.data.microsoft.com -> 52.167.17.97
            • 8.8.8.8:53 | settings-win.data.microsoft.com | dns | sent 77 B (1 pkt) / received 207 B (1 pkt)
              DNS: settings-win.data.microsoft.com -> 52.167.249.196
            • 8.8.8.8:53 | go.1und1.de | dns | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 57 B (1 pkt) / received 102 B (1 pkt)
              DNS: go.1und1.de -> 82.165.229.87
            • 8.8.8.8:53 | dl.1und1.de | dns | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 57 B (1 pkt) / received 143 B (1 pkt)
              DNS: dl.1und1.de -> 104.80.224.162
            • 8.8.8.8:53 | download.1und1.de | dns | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 63 B (1 pkt) / received 110 B (1 pkt)
              DNS: download.1und1.de -> 82.165.229.152
            • 8.8.8.8:53 | suche.1und1.de | dns | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 60 B (1 pkt) / received 107 B (1 pkt)
              DNS: suche.1und1.de -> 82.165.229.23
            • 8.8.8.8:53 | ocsp.telesec.de | dns | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 61 B (1 pkt) / received 141 B (1 pkt)
              DNS: ocsp.telesec.de -> 80.158.50.254, 80.158.61.91, 80.158.59.63, 217.170.186.122, 217.170.186.111
            • 8.8.8.8:53 | ocsp.serverpass.telesec.de | dns | 475eba482ed51fe75968f9457f559c9af6cf50ea35bc305e39e8bdee7e75bf57.exe | sent 72 B (1 pkt) / received 152 B (1 pkt)
              DNS: ocsp.serverpass.telesec.de -> 80.158.50.254, 80.158.59.63, 80.158.61.91, 217.170.186.122, 217.170.186.111
            • 8.8.8.8:53 | settings-win.data.microsoft.com | dns | sent 77 B (1 pkt) / received 207 B (1 pkt)
              DNS: settings-win.data.microsoft.com -> 52.167.249.196
            • 8.8.8.8:53 | geo.prod.do.dsp.mp.microsoft.com | dns | NetworkService | sent 78 B (1 pkt) / received 165 B (1 pkt)
              DNS: geo.prod.do.dsp.mp.microsoft.com -> 52.143.80.209
            • 8.8.8.8:53 | kv801.prod.do.dsp.mp.microsoft.com | dns | NetworkService | sent 80 B (1 pkt) / received 190 B (1 pkt)
              DNS: kv801.prod.do.dsp.mp.microsoft.com -> 184.29.205.60
            • 8.8.8.8:53 | nav.smartscreen.microsoft.com | dns | msedge.exe | sent 75 B (1 pkt) / received 194 B (1 pkt)
              DNS: nav.smartscreen.microsoft.com -> 20.81.51.95
            • 8.8.8.8:53 | smartscreen-prod.microsoft.com | dns | msedge.exe | sent 76 B (1 pkt) / received 195 B (1 pkt)
              DNS: smartscreen-prod.microsoft.com -> 20.81.52.156
            • 8.8.8.8:53 | dns.google | dns | msedge.exe | sent 56 B (1 pkt) / received 88 B (1 pkt)
              DNS: dns.google -> 8.8.4.4, 8.8.8.8

            MITRE ATT&CK Enterprise v6

            Downloads

            • memory/540-137-0x00007FF9DD350000-0x00007FF9DD351000-memory.dmp

              Filesize

              4KB
