Analysis
-
max time kernel
164s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
24-05-2022 23:04
Behavioral task
behavioral1
Sample
f5858eedfbb9ea4d4a85a242434baff7a16719b59067c2ad4f77fe502448a9a3.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
f5858eedfbb9ea4d4a85a242434baff7a16719b59067c2ad4f77fe502448a9a3.exe
-
Size
908KB
-
MD5
ab176508b14b173f65e1d01000412a3b
-
SHA1
deb953532953afb80f0d73f8543fb91f7fdbe312
-
SHA256
f5858eedfbb9ea4d4a85a242434baff7a16719b59067c2ad4f77fe502448a9a3
-
SHA512
791aa57f7ac690360478ddb0dd2a3f309dce812d9f387282fec3fee1e5132d48e7db66f36e072641f06ca548e731e4109077acbc1b7cb678d29149aa63511601
Malware Config
Extracted
Family
gozi_rm3
Attributes
-
build
300854
-
exe_type
loader
Extracted
Family
gozi_rm3
Botnet
202004141
C2
https://devicelease.xyz
Attributes
-
build
300854
-
dga_base_url
constitution.org/usdeclar.txt
-
dga_crc
0x4eb7d2ca
-
dga_season
10
-
dga_tlds
com
ru
org
-
exe_type
loader
-
server_id
12
-
url_path
index.htm
rsa_pubkey.plain
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD3AfU4ayUEHchQ3H0W1/d3ziW
VNCFHWaAm8mJq6hQwn03GNGV7hOICH8h/+dZGEwYWVnRq128QMPZTIj0b+iqHKlM
sHzxEIZlWUVvnfbx6unDAC8aJXovmePrPvbHJ1FrplzlbILiPLvofh7pXzTdfcDQ
e3wfV7cbxJ3DXessqwIDAQAB
-----END PUBLIC KEY-----
serpent.plain
8JbpEEfNYPlYoAN4
Signatures
-
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E78EEC7F-DBC6-11EC-AC67-5E4EC20DECC8} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0fa0fb7d36fd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F461F055-DBC6-11EC-AC67-5E4EC20DECC8} = "0" iexplore.exe Set value (str) 
\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C115D74D-DBC6-11EC-AC67-5E4EC20DECC8} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b091500000000020000000000106600000001000020000000834a1b593ef4f5cc5310d7c2801fc35ff83838f833a222cf6a507e2c51fa13ae000000000e8000000002000020000000f5e3f0177f3a85dafe39e30bbdbf3cdab3e11ac97bf87890f5eab33c71a02f0b2000000015df67c77d3ccb49876bd216f780f30bfde8f017543ee691b2f0eea08d9c3440400000003283604047c7d182e06494e0e9efc6785acfbd2d85fe53d74cdd8f578f9b75aad431903ba81f01f1ee0226467b048e4fd24f67b232e1aeda621b4c35d6581580 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909ee0c3d36fd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery 
iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 301b3a85d36fd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009ca67aad6973c147a14e4257979b09150000000002000000000010660000000100002000000090e31e05d4fc72ae9cf314c10cf51b5e7b68d89f28af8a41faa5ef6b3d8ea0af000000000e8000000002000020000000467c7578cfd228b64345a658c99c9642bd763926d472f31c82be08112d9ee85d200000003574388e22e8fe401d4c04efefe8ab87118f281338657170a1be5f3a75ab238e4000000070858b26b36eeaddc7a435a7275370f23d40b27505c7c5af88fea17da4430976c0c52c35cf31c2d430dd65415bec17fcf43c89f70d72fafacd5221578db54d30 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03d4baad36fd801 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe 
Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe -
Suspicious use of FindShellTrayWindow 7 IoCs
pid | Process
5004 | iexplore.exe
5004 | iexplore.exe
3660 | iexplore.exe
4416 | iexplore.exe
3100 | iexplore.exe
4608 | iexplore.exe
1068 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 28 IoCs
pid | Process
5004 | iexplore.exe
5004 | iexplore.exe
4076 | IEXPLORE.EXE
4076 | IEXPLORE.EXE
5004 | iexplore.exe
5004 | iexplore.exe
1068 | IEXPLORE.EXE
1068 | IEXPLORE.EXE
3660 | iexplore.exe
3660 | iexplore.exe
4656 | IEXPLORE.EXE
4656 | IEXPLORE.EXE
4416 | iexplore.exe
4416 | iexplore.exe
1016 | IEXPLORE.EXE
1016 | IEXPLORE.EXE
3100 | iexplore.exe
3100 | iexplore.exe
1960 | IEXPLORE.EXE
1960 | IEXPLORE.EXE
4608 | iexplore.exe
4608 | iexplore.exe
2852 | IEXPLORE.EXE
2852 | IEXPLORE.EXE
1068 | iexplore.exe
1068 | iexplore.exe
4708 | IEXPLORE.EXE
4708 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 21 IoCs
description | pid | Process | procid_target
PID 5004 wrote to memory of 4076 | 5004 | iexplore.exe | 85
PID 5004 wrote to memory of 4076 | 5004 | iexplore.exe | 85
PID 5004 wrote to memory of 4076 | 5004 | iexplore.exe | 85
PID 5004 wrote to memory of 1068 | 5004 | iexplore.exe | 88
PID 5004 wrote to memory of 1068 | 5004 | iexplore.exe | 88
PID 5004 wrote to memory of 1068 | 5004 | iexplore.exe | 88
PID 3660 wrote to memory of 4656 | 3660 | iexplore.exe | 96
PID 3660 wrote to memory of 4656 | 3660 | iexplore.exe | 96
PID 3660 wrote to memory of 4656 | 3660 | iexplore.exe | 96
PID 4416 wrote to memory of 1016 | 4416 | iexplore.exe | 98
PID 4416 wrote to memory of 1016 | 4416 | iexplore.exe | 98
PID 4416 wrote to memory of 1016 | 4416 | iexplore.exe | 98
PID 3100 wrote to memory of 1960 | 3100 | iexplore.exe | 100
PID 3100 wrote to memory of 1960 | 3100 | iexplore.exe | 100
PID 3100 wrote to memory of 1960 | 3100 | iexplore.exe | 100
PID 4608 wrote to memory of 2852 | 4608 | iexplore.exe | 102
PID 4608 wrote to memory of 2852 | 4608 | iexplore.exe | 102
PID 4608 wrote to memory of 2852 | 4608 | iexplore.exe | 102
PID 1068 wrote to memory of 4708 | 1068 | iexplore.exe | 104
PID 1068 wrote to memory of 4708 | 1068 | iexplore.exe | 104
PID 1068 wrote to memory of 4708 | 1068 | iexplore.exe | 104
[Note: every writer in this table is an iexplore.exe process writing to the IEXPLORE.EXE child it launched (the SCODEF value in the Processes list matches the writer PID). None of these rows shows the sample process (PID 3484) writing into another process.]
Processes
-
C:\Users\Admin\AppData\Local\Temp\f5858eedfbb9ea4d4a85a242434baff7a16719b59067c2ad4f77fe502448a9a3.exe"C:\Users\Admin\AppData\Local\Temp\f5858eedfbb9ea4d4a85a242434baff7a16719b59067c2ad4f77fe502448a9a3.exe"1⤵PID:3484
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵PID:3812
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5004 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5004 CREDAT:17410 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:4076
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5004 CREDAT:82950 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1068
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3660 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3660 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4656
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4416 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4416 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1016
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3100 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3100 CREDAT:17410 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:1960
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4608 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4608 CREDAT:17410 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:2852
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1068 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1068 CREDAT:17410 /prefetch:22⤵
- Suspicious use of SetWindowsHookEx
PID:4708
-
Network
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: 0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa IN PTR
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
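Remote address: 8.8.8.8:53
Request: storesdk.dsx.mp.microsoft.com IN A
Response:
storesdk.dsx.mp.microsoft.com IN CNAME storesdk.xbetservices.akadns.net
storesdk.xbetservices.akadns.net IN CNAME storesdk.dsx.mp.microsoft.com.edgekey.net
storesdk.dsx.mp.microsoft.com.edgekey.net IN CNAME e16646.g.akamaiedge.net
e16646.g.akamaiedge.net IN A 2.18.109.224
[Note: the HTTP requests to this host carry the User-Agent WindowsStoreSDK, so this looks like Windows Store background traffic from the sandbox image rather than sample C2. Confirm before treating 2.18.109.224 as an indicator.]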
-
GEThttps://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NXQXXLFST89&parentProductId=Remote address:2.18.109.224:443RequestGET /v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NXQXXLFST89&parentProductId= HTTP/1.1
Accept-Encoding: gzip, deflate
MS-CV: Drr3i1yLFUyw7DLy.3.3.1.2
User-Agent: WindowsStoreSDK
Host: storesdk.dsx.mp.microsoft.com
Connection: Keep-Alive
Cookie: _EDGE_V=1; MUID=2EE81D958D766944205E0C138CB168D8
ResponseHTTP/1.1 200 OK
Content-Length: 144
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-OSG-Served-By: Torus-WESTEUROPE_Legacy00000B_1.0.0.0
MS-CV: Drr3i1yLFUyw7DLy.3.3.1.2.1
Date: Tue, 24 May 2022 23:06:13 GMT
Connection: keep-alive
-
GEThttps://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NCBCSZSJRSB&parentProductId=Remote address:2.18.109.224:443RequestGET /v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NCBCSZSJRSB&parentProductId= HTTP/1.1
Accept-Encoding: gzip, deflate
MS-CV: Drr3i1yLFUyw7DLy.7.3.1.2
User-Agent: WindowsStoreSDK
Host: storesdk.dsx.mp.microsoft.com
Connection: Keep-Alive
Cookie: _EDGE_V=1; MUID=2EE81D958D766944205E0C138CB168D8
ResponseHTTP/1.1 200 OK
Content-Length: 144
Content-Type: application/json; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
X-OSG-Served-By: Torus-WESTEUROPE_Legacy00000B_1.0.0.0
MS-CV: Drr3i1yLFUyw7DLy.7.3.1.2.1
Date: Tue, 24 May 2022 23:06:22 GMT
Connection: keep-alive
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: store-images.s-microsoft.com IN A
Response:
store-images.s-microsoft.com IN CNAME store-images.s-microsoft.com-c.edgekey.net
store-images.s-microsoft.com-c.edgekey.net IN CNAME e12564.dspb.akamaiedge.net
e12564.dspb.akamaiedge.net IN A 104.123.41.133
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: devicelease.xyz IN A
Response: (no records shown)
-
Remote address: 8.8.8.8:53
Request: store-images.s-microsoft.com IN A
Response:
store-images.s-microsoft.com IN CNAME store-images.s-microsoft.com-c.edgekey.net
store-images.s-microsoft.com-c.edgekey.net IN CNAME e12564.dspb.akamaiedge.net
e12564.dspb.akamaiedge.net IN A 104.123.41.133
-
GEThttp://store-images.s-microsoft.com/image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0Remote address:104.123.41.133:80RequestGET /image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0 HTTP/1.1
Connection: Keep-Alive
User-Agent: Install Service
Host: store-images.s-microsoft.com
ResponseHTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 30 Aug 2021 15:07:35 GMT
Accept-Ranges: none
ETag: W/"gEDUIDB4OEQ5NkJDN0U2NjEyRjlF"
MS-CV: h3JZN5MPwkaTwSf4.0
Access-Control-Expose-Headers: MS-CV
Content-Length: 2626
Date: Tue, 24 May 2022 23:07:39 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
-
46 B 40 B 1 1
-
40 B 1
-
46 B 1
-
2.18.109.224:443https://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NCBCSZSJRSB&parentProductId=tls, http1.8kB 8.0kB 15 14
HTTP Request
GET https://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NXQXXLFST89&parentProductId=HTTP Response
200HTTP Request
GET https://storesdk.dsx.mp.microsoft.com/v8.0/Sdk/products/contentId?market=US&locale=en-US&languages=en-US&deviceFamily=Windows.Desktop&productIds=9NCBCSZSJRSB&parentProductId=HTTP Response
200 -
260 B 5
-
104.123.41.133:80http://store-images.s-microsoft.com/image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0http445 B 3.2kB 5 5
HTTP Request
GET http://store-images.s-microsoft.com/image/apps.20893.13571498826857201.00a9d390-581f-492c-b148-b2ce81649480.acc28f88-50de-4aaf-abfc-ad1da8b04cd0HTTP Response
200 -
156 B 3
-
92 B 111 B 2 2
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
118 B 204 B 1 1
DNS Request
0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
75 B 223 B 1 1
DNS Request
storesdk.dsx.mp.microsoft.com
DNS Response
2.18.109.224
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
74 B 183 B 1 1
DNS Request
store-images.s-microsoft.com
DNS Response
104.123.41.133
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
61 B 126 B 1 1
DNS Request
devicelease.xyz
-
74 B 183 B 1 1
DNS Request
store-images.s-microsoft.com
DNS Response
104.123.41.133