Analysis

  • max time kernel
    296s
  • max time network
    311s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/04/2024, 17:05 UTC

General

  • Target

    IPTOOLKIT-main/IPTOOLKIT.bat

  • Size

    4KB

  • MD5

    0ce7a6b2c21f3f15472a20687662625e

  • SHA1

    93d69bad32ba246f22ea02a5f5696c34aea292c0

  • SHA256

    89fe592e5b40bdd0ff3850893f50d3e178efa6bfaeb7dc64fba4a7d3841327a2

  • SHA512

    6d5ebcb5c38b2d56627daaf9b7f262bb95d1dc6871214c207c2daec3f95464f69e50ee70480c97cc4ce1e343a61b3f2c4d49c8b1fefa73ac8b81d20287aa9763

  • SSDEEP

    96:krExshDl8df//RcjGgydEDUjZzDffL5oEr6nriXoUi:kreshDetJcjTqEDUjZzbfL5KriYUi

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request (1 IoC)
  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service (1 IoC)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Program crash (1 IoC)
  • Modifies registry class (2 IoCs)
  • Runs ping.exe (1 TTP, 1 IoC)
  • Script User-Agent (1 IoC)

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (35 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\IPTOOLKIT-main\IPTOOLKIT.bat"
    Signatures: Checks computer location settings; Modifies registry class; Suspicious use of WriteProcessMemory
    PID: 4820
    • C:\Windows\system32\mode.com
      mode 75, 30
      PID: 3952
    • C:\Windows\system32\chcp.com
      chcp 65001
      PID: 4104
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell exit
      Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
      PID: 4260
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hardstresser.com/
      PID: 1864
    • C:\Windows\system32\cmd.exe
      cmd /c "mode 87, 10 && title Spoofing 123123123... && echo. && arpspoof.exe 123123123"
      Signatures: Suspicious use of WriteProcessMemory
      PID: 4268
      • C:\Windows\system32\mode.com
        mode 87, 10
        PID: 2972
      • C:\Users\Admin\AppData\Local\Temp\IPTOOLKIT-main\files\arpspoof.exe
        arpspoof.exe 123123123
        PID: 5008
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 276
          Signatures: Program crash
          PID: 1144
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\webclient.vbs"
      Signatures: Blocklisted process makes network request
      PID: 1880
    • C:\Windows\system32\PING.EXE
      ping 127.0.0.1 -n 2 -w 1000
      Signatures: Runs ping.exe
      PID: 2444
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c findstr /i "," C:\Users\Admin\AppData\Local\Temp\response.txt
      Signatures: Suspicious use of WriteProcessMemory
      PID: 4380
      • C:\Windows\system32\findstr.exe
        findstr /i "," C:\Users\Admin\AppData\Local\Temp\response.txt
        PID: 1700
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c nslookup 53.10.167.172 | find "Name"
      Signatures: Suspicious use of WriteProcessMemory
      PID: 3232
      • C:\Windows\system32\nslookup.exe
        nslookup 53.10.167.172
        PID: 3104
      • C:\Windows\system32\find.exe
        find "Name"
        PID: 1120
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c nslookup google.com | find "Name"
      Signatures: Suspicious use of WriteProcessMemory
      PID: 4612
      • C:\Windows\system32\nslookup.exe
        nslookup google.com
        PID: 4324
      • C:\Windows\system32\find.exe
        find "Name"
        PID: 2388
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    PID: 2172
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5668 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1
    PID: 680
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3980 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1
    PID: 1976
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5592 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    PID: 2252
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5520 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1
    PID: 780
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=784 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    PID: 3380
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    PID: 3216
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4792 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    Signatures: Modifies registry class
    PID: 876
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\f096c31dc24b4ffa9a06df7b2595d940 /t 4324 /p 3856
    PID: 2020
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 5008 -ip 5008
    PID: 4004

                                        Network

                                        • flag-us
                                          DNS
                                          58.55.71.13.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          58.55.71.13.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          58.55.71.13.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          58.55.71.13.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          41.215.44.23.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          41.215.44.23.in-addr.arpa
                                          IN PTR
                                          Response
                                          41.215.44.23.in-addr.arpa
                                          IN PTR
                                          a23-44-215-41deploystaticakamaitechnologiescom
                                        • flag-us
                                          DNS
                                          71.31.126.40.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          71.31.126.40.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          71.31.126.40.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          71.31.126.40.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          95.221.229.192.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          95.221.229.192.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          95.221.229.192.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          95.221.229.192.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          95.221.229.192.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          95.221.229.192.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          196.249.167.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          196.249.167.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          103.169.127.40.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          103.169.127.40.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          103.169.127.40.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          103.169.127.40.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          217.106.137.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          217.106.137.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          15.164.165.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          15.164.165.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          15.164.165.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          15.164.165.52.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          15.164.165.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          15.164.165.52.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          15.164.165.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          15.164.165.52.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          chromewebstore.googleapis.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          chromewebstore.googleapis.com
                                          IN A
                                          Response
                                          chromewebstore.googleapis.com
                                          IN A
                                          216.58.201.106
                                          chromewebstore.googleapis.com
                                          IN A
                                          216.58.204.74
                                          chromewebstore.googleapis.com
                                          IN A
                                          142.250.179.234
                                          chromewebstore.googleapis.com
                                          IN A
                                          142.250.180.10
                                          chromewebstore.googleapis.com
                                          IN A
                                          142.250.187.202
                                          chromewebstore.googleapis.com
                                          IN A
                                          142.250.187.234
                                          chromewebstore.googleapis.com
                                          IN A
                                          142.250.200.42
                                          chromewebstore.googleapis.com
                                          IN A
                                          172.217.16.234
                                          chromewebstore.googleapis.com
                                          IN A
                                          142.250.200.10
                                          chromewebstore.googleapis.com
                                          IN A
                                          142.250.178.10
                                        • flag-us
                                          DNS
                                          chromewebstore.googleapis.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          chromewebstore.googleapis.com
                                          IN Unknown
                                          Response
                                        • flag-us
                                          DNS
                                          pki.goog
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          pki.goog
                                          IN A
                                          Response
                                          pki.goog
                                          IN A
                                          216.239.32.29
                                        • flag-us
                                          DNS
                                          pki.goog
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          pki.goog
                                          IN Unknown
                                          Response
                                        • flag-us
                                          GET
                                          http://pki.goog/gsr1/gsr1.crt
                                          Remote address:
                                          216.239.32.29:80
                                          Request
                                          GET /gsr1/gsr1.crt HTTP/1.1
                                          Host: pki.goog
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Response
                                          HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Content-Encoding: gzip
                                          Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                          Cross-Origin-Resource-Policy: cross-origin
                                          Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                          Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                          Content-Length: 797
                                          X-Content-Type-Options: nosniff
                                          Server: sffe
                                          X-XSS-Protection: 0
                                          Date: Mon, 22 Apr 2024 16:30:27 GMT
                                          Expires: Mon, 22 Apr 2024 17:20:27 GMT
                                          Cache-Control: public, max-age=3000
                                          Age: 2191
                                          Last-Modified: Wed, 20 May 2020 16:45:00 GMT
                                          Content-Type: application/pkix-cert
                                          Vary: Accept-Encoding
                                        • flag-us
                                          GET
                                          http://pki.goog/repo/certs/gtsr1.der
                                          Remote address:
                                          216.239.32.29:80
                                          Request
                                          GET /repo/certs/gtsr1.der HTTP/1.1
                                          Host: pki.goog
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Response
                                          HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                          Cross-Origin-Resource-Policy: cross-origin
                                          Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                          Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                          Content-Length: 1371
                                          X-Content-Type-Options: nosniff
                                          Server: sffe
                                          X-XSS-Protection: 0
                                          Date: Mon, 22 Apr 2024 16:30:31 GMT
                                          Expires: Mon, 22 Apr 2024 17:20:31 GMT
                                          Cache-Control: public, max-age=3000
                                          Age: 2187
                                          Last-Modified: Sun, 25 Jun 2023 02:58:00 GMT
                                          Content-Type: application/pkix-cert
                                          Vary: Accept-Encoding
                                        • flag-us
                                          GET
                                          http://pki.goog/repo/certs/gts1c3.der
                                          Remote address:
                                          216.239.32.29:80
                                          Request
                                          GET /repo/certs/gts1c3.der HTTP/1.1
                                          Host: pki.goog
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Response
                                          HTTP/1.1 200 OK
                                          Accept-Ranges: bytes
                                          Content-Encoding: gzip
                                          Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                          Cross-Origin-Resource-Policy: cross-origin
                                          Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                          Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                          Content-Length: 1304
                                          X-Content-Type-Options: nosniff
                                          Server: sffe
                                          X-XSS-Protection: 0
                                          Date: Mon, 22 Apr 2024 16:30:49 GMT
                                          Expires: Mon, 22 Apr 2024 17:20:49 GMT
                                          Cache-Control: public, max-age=3000
                                          Age: 2169
                                          Last-Modified: Mon, 17 Aug 2020 09:45:00 GMT
                                          Content-Type: application/pkix-cert
                                          Vary: Accept-Encoding
                                        • flag-us
                                          DNS
                                          106.201.58.216.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          106.201.58.216.in-addr.arpa
                                          IN PTR
                                          Response
                                          106.201.58.216.in-addr.arpa
                                          IN PTR
                                          lhr48s48-in-f101e100net
                                          106.201.58.216.in-addr.arpa
                                          IN PTR
                                          prg03s02-in-f106�I
                                          106.201.58.216.in-addr.arpa
                                          IN PTR
                                          prg03s02-in-f10�I
                                        • flag-us
                                          DNS
                                          29.32.239.216.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          29.32.239.216.in-addr.arpa
                                          IN PTR
                                          Response
                                          29.32.239.216.in-addr.arpa
                                          IN PTR
                                          any-in-201d1e100net
                                        • flag-us
                                          DNS
                                          29.32.239.216.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          29.32.239.216.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          130.118.77.104.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          130.118.77.104.in-addr.arpa
                                          IN PTR
                                          Response
                                          130.118.77.104.in-addr.arpa
                                          IN PTR
                                          a104-77-118-130deploystaticakamaitechnologiescom
                                        • flag-us
                                          DNS
                                          130.118.77.104.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          130.118.77.104.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          154.2.16.2.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          154.2.16.2.in-addr.arpa
                                          IN PTR
                                          Response
                                          154.2.16.2.in-addr.arpa
                                          IN PTR
                                          a2-16-2-154.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          11.227.111.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          11.227.111.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          hardstresser.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          hardstresser.com
                                          IN A
                                          Response
                                          hardstresser.com
                                          IN A
                                          185.178.208.158
                                        • flag-us
                                          DNS
                                          hardstresser.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          hardstresser.com
                                          IN Unknown
                                          Response
                                        • flag-us
                                          DNS
                                          hardstresser.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          hardstresser.com
                                          IN A
                                          Response
                                          hardstresser.com
                                          IN A
                                          185.178.208.158
                                        • flag-us
                                          DNS
                                          nav-edge.smartscreen.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          nav-edge.smartscreen.microsoft.com
                                          IN A
                                          Response
                                          nav-edge.smartscreen.microsoft.com
                                          IN CNAME
                                          tm-prod-wd-csp-edge.trafficmanager.net
                                          tm-prod-wd-csp-edge.trafficmanager.net
                                          IN CNAME
                                          prod-agic-uw-3.ukwest.cloudapp.azure.com
                                          prod-agic-uw-3.ukwest.cloudapp.azure.com
                                          IN A
                                          51.11.108.188
                                        • flag-us
                                          DNS
                                          nav-edge.smartscreen.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          nav-edge.smartscreen.microsoft.com
                                          IN Unknown
                                          Response
                                          nav-edge.smartscreen.microsoft.com
                                          IN CNAME
                                          tm-prod-wd-csp-edge.trafficmanager.net
                                          tm-prod-wd-csp-edge.trafficmanager.net
                                          IN CNAME
                                          prod-agic-us-1.uksouth.cloudapp.azure.com
                                        • flag-us
                                          DNS
                                          business.bing.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          business.bing.com
                                          IN A
                                          Response
                                          business.bing.com
                                          IN CNAME
                                          business-bing-com.b-0005.b-msedge.net
                                          business-bing-com.b-0005.b-msedge.net
                                          IN CNAME
                                          b-0005.b-msedge.net
                                          b-0005.b-msedge.net
                                          IN A
                                          13.107.6.158
                                        • flag-us
                                          DNS
                                          business.bing.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          business.bing.com
                                          IN Unknown
                                          Response
                                          business.bing.com
                                          IN CNAME
                                          business-bing-com.b-0005.b-msedge.net
                                        • flag-us
                                          DNS
                                          www.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          www.microsoft.com
                                          IN A
                                          Response
                                          www.microsoft.com
                                          IN CNAME
                                          www.microsoft.com-c-3.edgekey.net
                                          www.microsoft.com-c-3.edgekey.net
                                          IN CNAME
                                          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                          IN CNAME
                                          e13678.dscb.akamaiedge.net
                                          e13678.dscb.akamaiedge.net
                                          IN A
                                          72.246.173.187
                                        • flag-us
                                          DNS
                                          www.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          www.microsoft.com
                                          IN A
                                          Response
                                          www.microsoft.com
                                          IN CNAME
                                          www.microsoft.com-c-3.edgekey.net
                                          www.microsoft.com-c-3.edgekey.net
                                          IN CNAME
                                          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                          IN CNAME
                                          e13678.dscb.akamaiedge.net
                                          e13678.dscb.akamaiedge.net
                                          IN A
                                          72.246.173.187
                                        • flag-us
                                          DNS
                                          www.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          www.microsoft.com
                                          IN Unknown
                                          Response
                                          www.microsoft.com
                                          IN CNAME
                                          www.microsoft.com-c-3.edgekey.net
                                          www.microsoft.com-c-3.edgekey.net
                                          IN CNAME
                                          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                          IN CNAME
                                          e13678.dscb.akamaiedge.net
                                        • flag-us
                                          DNS
                                          158.208.178.185.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          158.208.178.185.in-addr.arpa
                                          IN PTR
                                          Response
                                          158.208.178.185.in-addr.arpa
                                          IN PTR
                                          ddos-guard.net
                                        • flag-us
                                          DNS
                                          159.113.53.23.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          159.113.53.23.in-addr.arpa
                                          IN PTR
                                          Response
                                          159.113.53.23.in-addr.arpa
                                          IN PTR
                                          a23-53-113-159.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          188.108.11.51.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          188.108.11.51.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          187.173.246.72.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          187.173.246.72.in-addr.arpa
                                          IN PTR
                                          Response
                                          187.173.246.72.in-addr.arpa
                                          IN PTR
                                          a72-246-173-187.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          bzib.nelreports.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          bzib.nelreports.net
                                          IN A
                                          Response
                                          bzib.nelreports.net
                                          IN CNAME
                                          bzib.nelreports.net.akamaized.net
                                          bzib.nelreports.net.akamaized.net
                                          IN CNAME
                                          a416.dscd.akamai.net
                                          a416.dscd.akamai.net
                                          IN A
                                          23.73.139.27
                                          a416.dscd.akamai.net
                                          IN A
                                          23.73.139.50
                                        • flag-us
                                          DNS
                                          bzib.nelreports.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          bzib.nelreports.net
                                          IN Unknown
                                          Response
                                          bzib.nelreports.net
                                          IN CNAME
                                          bzib.nelreports.net.akamaized.net
                                          bzib.nelreports.net.akamaized.net
                                          IN CNAME
                                          a416.dscd.akamai.net
                                        • flag-us
                                          DNS
                                          www.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          www.microsoft.com
                                          IN A
                                          Response
                                          www.microsoft.com
                                          IN CNAME
                                          www.microsoft.com-c-3.edgekey.net
                                          www.microsoft.com-c-3.edgekey.net
                                          IN CNAME
                                          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                          www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                          IN CNAME
                                          e13678.dscb.akamaiedge.net
                                          e13678.dscb.akamaiedge.net
                                          IN A
                                          72.246.173.187
                                        • flag-us
                                          DNS
                                          27.139.73.23.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          27.139.73.23.in-addr.arpa
                                          IN PTR
                                          Response
                                          27.139.73.23.in-addr.arpa
                                          IN PTR
                                          a23-73-139-27.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          27.139.73.23.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          27.139.73.23.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          10.180.250.142.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          10.180.250.142.in-addr.arpa
                                          IN PTR
                                          Response
                                          10.180.250.142.in-addr.arpa
                                          IN PTR
                                          lhr25s32-in-f10.1e100.net
                                        • flag-us
                                          DNS
                                          10.180.250.142.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          10.180.250.142.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          client.crisp.chat
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          client.crisp.chat
                                          IN A
                                          Response
                                          client.crisp.chat
                                          IN A
                                          104.18.29.104
                                          client.crisp.chat
                                          IN A
                                          104.18.28.104
                                        • flag-us
                                          DNS
                                          client.crisp.chat
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          client.crisp.chat
                                          IN Unknown
                                        • flag-us
                                          DNS
                                          edgestatic.azureedge.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          edgestatic.azureedge.net
                                          IN A
                                        • flag-us
                                          DNS
                                          edgestatic.azureedge.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          edgestatic.azureedge.net
                                          IN Unknown
                                        • flag-us
                                          DNS
                                          c.s-microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          c.s-microsoft.com
                                          IN A
                                          Response
                                          c.s-microsoft.com
                                          IN CNAME
                                          c-s.cms.ms.akadns.net
                                          c-s.cms.ms.akadns.net
                                          IN CNAME
                                          c.s-microsoft.com-c.edgekey.net
                                          c.s-microsoft.com-c.edgekey.net
                                          IN CNAME
                                          e13678.dscg.akamaiedge.net
                                          e13678.dscg.akamaiedge.net
                                          IN A
                                          23.53.113.225
                                        • flag-us
                                          DNS
                                          c.s-microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          c.s-microsoft.com
                                          IN Unknown
                                          Response
                                          c.s-microsoft.com
                                          IN CNAME
                                          c-s.cms.ms.akadns.net
                                          c-s.cms.ms.akadns.net
                                          IN CNAME
                                          c.s-microsoft.com-c.edgekey.net
                                          c.s-microsoft.com-c.edgekey.net
                                          IN CNAME
                                          e13678.dscg.akamaiedge.net
                                        • flag-us
                                          DNS
                                          40.200.250.142.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          40.200.250.142.in-addr.arpa
                                          IN PTR
                                          Response
                                          40.200.250.142.in-addr.arpa
                                          IN PTR
                                          lhr48s30-in-f8.1e100.net
                                        • flag-us
                                          DNS
                                          104.29.18.104.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          104.29.18.104.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          client.relay.crisp.chat
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          client.relay.crisp.chat
                                          IN A
                                          Response
                                          client.relay.crisp.chat
                                          IN A
                                          159.89.97.13
                                          client.relay.crisp.chat
                                          IN A
                                          46.101.18.133
                                        • flag-us
                                          DNS
                                          client.relay.crisp.chat
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          client.relay.crisp.chat
                                          IN Unknown
                                          Response
                                        • flag-us
                                          DNS
                                          edgestatic.azureedge.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          edgestatic.azureedge.net
                                          IN A
                                          Response
                                          edgestatic.azureedge.net
                                          IN CNAME
                                          edgestatic.afd.azureedge.net
                                          edgestatic.afd.azureedge.net
                                          IN CNAME
                                          azureedge-t-prod.trafficmanager.net
                                          azureedge-t-prod.trafficmanager.net
                                          IN CNAME
                                          shed.dual-low.part-0036.t-0009.t-msedge.net
                                          shed.dual-low.part-0036.t-0009.t-msedge.net
                                          IN CNAME
                                          part-0036.t-0009.t-msedge.net
                                          part-0036.t-0009.t-msedge.net
                                          IN A
                                          13.107.246.64
                                          part-0036.t-0009.t-msedge.net
                                          IN A
                                          13.107.213.64
                                        • flag-us
                                          DNS
                                          edgestatic.azureedge.net
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          edgestatic.azureedge.net
                                          IN Unknown
                                          Response
                                          edgestatic.azureedge.net
                                          IN CNAME
                                          edgestatic.afd.azureedge.net
                                          edgestatic.afd.azureedge.net
                                          IN CNAME
                                          azureedge-t-prod.trafficmanager.net
                                          azureedge-t-prod.trafficmanager.net
                                          IN CNAME
                                          shed.dual-low.part-0036.t-0009.t-msedge.net
                                          shed.dual-low.part-0036.t-0009.t-msedge.net
                                          IN CNAME
                                          part-0036.t-0009.t-msedge.net
                                        • flag-us
                                          DNS
                                          14.200.250.142.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          14.200.250.142.in-addr.arpa
                                          IN PTR
                                          Response
                                          14.200.250.142.in-addr.arpa
                                          IN PTR
                                          lhr48s29-in-f14.1e100.net
                                        • flag-us
                                          DNS
                                          155.61.62.23.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          155.61.62.23.in-addr.arpa
                                          IN PTR
                                          Response
                                          155.61.62.23.in-addr.arpa
                                          IN PTR
                                          a23-62-61-155.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          64.246.107.13.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          64.246.107.13.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          13.97.89.159.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          13.97.89.159.in-addr.arpa
                                          IN PTR
                                          Response
                                          13.97.89.159.in-addr.arpa
                                          IN PTR
                                          socket-1fraatlasnetcrispchat
                                        • flag-us
                                          DNS
                                          13.97.89.159.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          13.97.89.159.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          13.97.89.159.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          13.97.89.159.in-addr.arpa
                                          IN PTR
                                        • flag-us
                                          DNS
                                          nw-umwatson.events.data.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          nw-umwatson.events.data.microsoft.com
                                          IN A
                                          Response
                                          nw-umwatson.events.data.microsoft.com
                                          IN CNAME
                                          blobcollector.events.data.trafficmanager.net
                                          blobcollector.events.data.trafficmanager.net
                                          IN CNAME
                                          onedsblobprdcus16.centralus.cloudapp.azure.com
                                          onedsblobprdcus16.centralus.cloudapp.azure.com
                                          IN A
                                          104.208.16.94
                                        • flag-us
                                          DNS
                                          nw-umwatson.events.data.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          nw-umwatson.events.data.microsoft.com
                                          IN A
                                        • flag-us
                                          DNS
                                          nw-umwatson.events.data.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          nw-umwatson.events.data.microsoft.com
                                          IN A
                                        • flag-us
                                          DNS
                                          nw-umwatson.events.data.microsoft.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          nw-umwatson.events.data.microsoft.com
                                          IN A
                                        • flag-us
                                          POST
                                          https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                                          Remote address:
                                          104.208.16.94:443
                                          Request
                                          POST /Telemetry.Request HTTP/1.1
                                          Connection: Keep-Alive
                                          Content-Type: application/xml
                                          User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
                                          MSA_DeviceTicket: t=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&p=
                                          Content-Length: 3685
                                          Host: nw-umwatson.events.data.microsoft.com
                                          Response
                                          HTTP/1.1 200 200 OK
                                          Content-Length: 634
                                          Content-Type: text/xml
                                          Server: Microsoft-HTTPAPI/2.0
                                          Strict-Transport-Security: max-age=31536000
                                          Date: Mon, 22 Apr 2024 17:08:08 GMT
                                        • flag-us
                                          DNS
                                          94.16.208.104.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          94.16.208.104.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          210.143.182.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          210.143.182.52.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          ipinfo.io
                                          WScript.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          ipinfo.io
                                          IN A
                                          Response
                                          ipinfo.io
                                          IN A
                                          34.117.186.192
                                        • flag-us
                                          GET
                                          http://ipinfo.io/53.10.167.172/json
                                          WScript.exe
                                          Remote address:
                                          34.117.186.192:80
                                          Request
                                          GET /53.10.167.172/json HTTP/1.1
                                          Connection: Keep-Alive
                                          Content-Type: application/x-www-form-urlencoded
                                          Accept: */*
                                          Accept-Language: en-US
                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                          Host: ipinfo.io
                                          Response
                                          HTTP/1.1 200 OK
                                          server: nginx/1.24.0
                                          date: Mon, 22 Apr 2024 17:10:10 GMT
                                          content-type: application/json; charset=utf-8
                                          Content-Length: 269
                                          access-control-allow-origin: *
                                          x-frame-options: SAMEORIGIN
                                          x-xss-protection: 1; mode=block
                                          x-content-type-options: nosniff
                                          referrer-policy: strict-origin-when-cross-origin
                                          x-envoy-upstream-service-time: 3
                                          via: 1.1 google
                                          strict-transport-security: max-age=2592000; includeSubDomains
                                        • flag-us
                                          DNS
                                          192.186.117.34.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          192.186.117.34.in-addr.arpa
                                          IN PTR
                                          Response
                                          192.186.117.34.in-addr.arpa
                                          IN PTR
                                          192.186.117.34.bc.googleusercontent.com
                                        • flag-us
                                          DNS
                                          192.186.117.34.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          192.186.117.34.in-addr.arpa
                                          IN PTR
                                          Response
                                          192.186.117.34.in-addr.arpa
                                          IN PTR
                                          192.186.117.34.bc.googleusercontent.com
                                        • flag-us
                                          DNS
                                          8.8.8.8.in-addr.arpa
                                          nslookup.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          8.8.8.8.in-addr.arpa
                                          IN PTR
                                          Response
                                          8.8.8.8.in-addr.arpa
                                          IN PTR
                                          dns.google
                                        • flag-us
                                          DNS
                                          172.167.10.53.in-addr.arpa
                                          nslookup.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          172.167.10.53.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          8.8.8.8.in-addr.arpa
                                          nslookup.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          8.8.8.8.in-addr.arpa
                                          IN PTR
                                          Response
                                          8.8.8.8.in-addr.arpa
                                          IN PTR
                                          dns.google
                                        • flag-us
                                          DNS
                                          google.com
                                          nslookup.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          google.com
                                          IN A
                                          Response
                                          google.com
                                          IN A
                                          142.250.179.238
                                        • flag-us
                                          DNS
                                          google.com
                                          nslookup.exe
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          google.com
                                          IN AAAA
                                          Response
                                          google.com
                                          IN AAAA
                                          2a00:1450:4009:81d::200e
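The two records worth correlating in this capture are the WScript.exe GET to http://ipinfo.io/53.10.167.172/json (the "Script User-Agent" and "Looks up external IP address" signatures) and the nslookup.exe PTR query for 172.167.10.53.in-addr.arpa, which is the same address 53.10.167.172 in reverse. The following is an added example, not part of the Triage report or the IPTOOLKIT script, showing how an analyst would decode in-addr.arpa names, tie them back to forward lookups, and flag HTTP requests made by a script host to a public IP-lookup service. The DNS and HTTP records in it are constructed from the entries above with fields trimmed; the user-agent pattern and the list of IP-lookup hosts are assumptions of the example, not data from the report.

```python
"""Correlate DNS and HTTP records from a sandbox network capture.

Added example: the sample records are constructed from the entries on the
page above (fields trimmed); the detection inputs are assumptions.
"""
import ipaddress
import re

# Constructed sample records, modelled on the capture above.
DNS_RECORDS = [
    {"process": None, "qname": "13.97.89.159.in-addr.arpa", "qtype": "PTR",
     "answers": ["socket-1.fra.atlas.net.crisp.chat"]},
    {"process": "WScript.exe", "qname": "ipinfo.io", "qtype": "A",
     "answers": ["34.117.186.192"]},
    {"process": None, "qname": "192.186.117.34.in-addr.arpa", "qtype": "PTR",
     "answers": ["192.186.117.34.bc.googleusercontent.com"]},
    {"process": "nslookup.exe", "qname": "8.8.8.8.in-addr.arpa", "qtype": "PTR",
     "answers": ["dns.google"]},
    {"process": "nslookup.exe", "qname": "172.167.10.53.in-addr.arpa", "qtype": "PTR",
     "answers": []},  # no answer in the capture
]

HTTP_REQUESTS = [
    {"process": "WScript.exe", "remote": "34.117.186.192:80",
     "method": "GET", "path": "/53.10.167.172/json",
     "headers": {"Host": "ipinfo.io",
                 "User-Agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"}},
    {"process": None, "remote": "104.208.16.94:443",
     "method": "POST", "path": "/Telemetry.Request",
     "headers": {"Host": "nw-umwatson.events.data.microsoft.com",
                 "User-Agent": "Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)"}},
]

# Assumed detection inputs (not taken from the report): user agents of common
# script-host HTTP clients, and public "what is my IP" services.
SCRIPT_CLIENT_UA = re.compile(r"WinHttp\.WinHttpRequest\.\d|Microsoft\.XMLHTTP|PowerShell", re.I)
IP_LOOKUP_HOSTS = {"ipinfo.io", "api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me"}
IPV4_IN_PATH = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def ptr_to_ip(qname):
    """'13.97.89.159.in-addr.arpa' -> '159.89.97.13'; None if not a valid IPv4 PTR name."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ipaddress.AddressValueError:
        return None


def ip_to_ptr(ip):
    """Inverse of ptr_to_ip, via the standard library's reverse_pointer."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def ptr_map(dns_records):
    """Map each reverse-looked-up IP to its PTR answers ([] when the query got none)."""
    out = {}
    for rec in dns_records:
        if rec["qtype"] == "PTR":
            ip = ptr_to_ip(rec["qname"])
            if ip:
                out[ip] = rec["answers"]
    return out


def flag_requests(http_requests, dns_records):
    """Return one finding per HTTP request that trips a rule, with the reasons."""
    ptrs = ptr_map(dns_records)
    findings = []
    for req in http_requests:
        reasons = []
        ua = req["headers"].get("User-Agent", "")
        host = req["headers"].get("Host", "").lower()
        if SCRIPT_CLIENT_UA.search(ua):
            reasons.append("script-host user agent")
        if host in IP_LOOKUP_HOSTS:
            reasons.append("external IP lookup service")
        for ip in IPV4_IN_PATH.findall(req["path"]):
            # An IP literal in the path means the script is querying a specific
            # address, not the sandbox's own egress IP.
            reasons.append(f"looks up IP {ip}")
            if ip in ptrs:
                reasons.append(f"same IP also reverse-resolved ({ip_to_ptr(ip)})")
        if reasons:
            findings.append({"process": req["process"], "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in flag_requests(HTTP_REQUESTS, DNS_RECORDS):
        print(finding)
```

Run against the constructed records, only the WScript.exe request is flagged: the Crashpad telemetry POST uses a native WinHTTP agent, goes to a Microsoft host, and carries no IP literal. The check that the same IP also appears in a PTR query from nslookup.exe is what distinguishes a tool enriching a user-supplied address from malware fingerprinting the host it runs on.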
                                        • 13.107.253.64:443
                                          92 B
                                          40 B
                                          2
                                          1
                                        • 216.58.201.106:443
                                          chromewebstore.googleapis.com
                                          tls
                                          1.1kB
                                          5.1kB
                                          10
                                          6
                                        • 216.239.32.29:80
                                          http://pki.goog/repo/certs/gts1c3.der
                                          http
                                          1.3kB
                                          6.0kB
                                          10
                                          8

                                          HTTP Request

                                          GET http://pki.goog/gsr1/gsr1.crt

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET http://pki.goog/repo/certs/gtsr1.der

                                          HTTP Response

                                          200

                                          HTTP Request

                                          GET http://pki.goog/repo/certs/gts1c3.der

                                          HTTP Response

                                          200
                                        • 185.178.208.158:443
                                          hardstresser.com
                                          tls
                                          18.6kB
                                          464.0kB
                                          311
                                          361
                                        • 185.178.208.158:443
                                          hardstresser.com
                                          tls
                                          1.1kB
                                          4.6kB
                                          10
                                          9
                                        • 51.11.108.188:443
                                          nav-edge.smartscreen.microsoft.com
                                          tls
                                          18.9kB
                                          14.5kB
                                          37
                                          23
                                        • 51.11.108.188:443
                                          nav-edge.smartscreen.microsoft.com
                                          tls
                                          948 B
                                          4.8kB
                                          8
                                          6
                                        • 13.107.6.158:443
                                          business.bing.com
                                          tls
                                          3.2kB
                                          7.1kB
                                          13
                                          7
                                        • 51.11.108.188:443
                                          nav-edge.smartscreen.microsoft.com
                                          52 B
                                          1
                                        • 13.107.6.158:443
                                          business.bing.com
                                          tls
                                          2.8kB
                                          10.1kB
                                          20
                                          22
                                        • 72.246.173.187:443
                                          www.microsoft.com
                                          tls
                                          2.9kB
                                          22.8kB
                                          26
                                          32
                                        • 23.73.139.27:443
                                          bzib.nelreports.net
                                          tls
                                          2.3kB
                                          5.9kB
                                          10
                                          12
                                        • 104.18.29.104:443
                                          client.crisp.chat
                                          tls
                                          6.5kB
                                          171.6kB
                                          83
                                          140
                                        • 23.62.61.155:443
                                          www.bing.com
                                          tls
                                          35.8kB
                                          889.7kB
                                          563
                                          643
                                        • 13.107.246.64:443
                                          edgestatic.azureedge.net
                                          tls
                                          37.9kB
                                          1.3MB
                                          703
                                          975
                                        • 13.107.246.64:443
                                          edgestatic.azureedge.net
                                          tls
                                          1.8kB
                                          7.6kB
                                          11
                                          11
                                        • 13.107.246.64:443
                                          edgestatic.azureedge.net
                                          tls
                                          1.6kB
                                          7.5kB
                                          10
                                          10
                                        • 159.89.97.13:443
                                          client.relay.crisp.chat
                                          tls
                                          3.0kB
                                          7.2kB
                                          17
                                          15
                                        • 104.208.16.94:443
                                          https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                                          tls, http
                                          5.9kB
                                          7.6kB
                                          14
                                          10

                                          HTTP Request

                                          POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

                                          HTTP Response

                                          200
                                        • 34.117.186.192:80
                                          http://ipinfo.io/53.10.167.172/json
                                          http
                                          WScript.exe
                                          418 B
                                          838 B
                                          4
                                          3

                                          HTTP Request

                                          GET http://ipinfo.io/53.10.167.172/json

                                          HTTP Response

                                          200
                                        • 8.8.8.8:53
                                          58.55.71.13.in-addr.arpa
                                          dns
                                          140 B
                                          144 B
                                          2
                                          1

                                          DNS Request

                                          58.55.71.13.in-addr.arpa

                                          DNS Request

                                          58.55.71.13.in-addr.arpa

                                        • 8.8.8.8:53
                                          41.215.44.23.in-addr.arpa
                                          dns
                                          71 B
                                          135 B
                                          1
                                          1

                                          DNS Request

                                          41.215.44.23.in-addr.arpa

                                        • 8.8.8.8:53
                                          71.31.126.40.in-addr.arpa
                                          dns
                                          142 B
                                          157 B
                                          2
                                          1

                                          DNS Request

                                          71.31.126.40.in-addr.arpa

                                          DNS Request

                                          71.31.126.40.in-addr.arpa

                                        • 8.8.8.8:53
                                          95.221.229.192.in-addr.arpa
                                          dns
                                          219 B
                                          144 B
                                          3
                                          1

                                          DNS Request

                                          95.221.229.192.in-addr.arpa

                                          DNS Request

                                          95.221.229.192.in-addr.arpa

                                          DNS Request

                                          95.221.229.192.in-addr.arpa

                                        • 8.8.8.8:53
                                          196.249.167.52.in-addr.arpa
                                          dns
                                          73 B
                                          147 B
                                          1
                                          1

                                          DNS Request

                                          196.249.167.52.in-addr.arpa

                                        • 8.8.8.8:53
                                          103.169.127.40.in-addr.arpa
                                          dns
                                          146 B
                                          147 B
                                          2
                                          1

                                          DNS Request

                                          103.169.127.40.in-addr.arpa

                                          DNS Request

                                          103.169.127.40.in-addr.arpa

                                        • 8.8.8.8:53
                                          217.106.137.52.in-addr.arpa
                                          dns
                                          73 B
                                          147 B
                                          1
                                          1

                                          DNS Request

                                          217.106.137.52.in-addr.arpa

                                        • 8.8.8.8:53
                                          15.164.165.52.in-addr.arpa
                                          dns
                                          288 B
                                          146 B
                                          4
                                          1

                                          DNS Request

                                          15.164.165.52.in-addr.arpa

                                          DNS Request

                                          15.164.165.52.in-addr.arpa

                                          DNS Request

                                          15.164.165.52.in-addr.arpa

                                          DNS Request

                                          15.164.165.52.in-addr.arpa

                                        • 8.8.8.8:53
                                          chromewebstore.googleapis.com
                                          dns
                                          75 B
                                          235 B
                                          1
                                          1

                                          DNS Request

                                          chromewebstore.googleapis.com

                                          DNS Response

                                          216.58.201.106
                                          216.58.204.74
                                          142.250.179.234
                                          142.250.180.10
                                          142.250.187.202
                                          142.250.187.234
                                          142.250.200.42
                                          172.217.16.234
                                          142.250.200.10
                                          142.250.178.10

                                        • 8.8.8.8:53
                                          chromewebstore.googleapis.com
                                          dns
                                          75 B
                                          132 B
                                          1
                                          1

                                          DNS Request

                                          chromewebstore.googleapis.com

                                        • 8.8.8.8:53
                                          pki.goog
                                          dns
                                          54 B
                                          70 B
                                          1
                                          1

                                          DNS Request

                                          pki.goog

                                          DNS Response

                                          216.239.32.29

                                        • 8.8.8.8:53
                                          pki.goog
                                          dns
                                          54 B
                                          128 B
                                          1
                                          1

                                          DNS Request

                                          pki.goog

                                        • 8.8.8.8:53
                                          106.201.58.216.in-addr.arpa
                                          dns
                                          73 B
                                          173 B
                                          1
                                          1

                                          DNS Request

                                          106.201.58.216.in-addr.arpa

                                        • 8.8.8.8:53
                                          29.32.239.216.in-addr.arpa
                                          dns
                                          144 B
                                          107 B
                                          2
                                          1

                                          DNS Request

                                          29.32.239.216.in-addr.arpa

                                          DNS Request

                                          29.32.239.216.in-addr.arpa

                                        • 8.8.8.8:53
                                          130.118.77.104.in-addr.arpa
                                          dns
                                          146 B
                                          139 B
                                          2
                                          1

                                          DNS Request

                                          130.118.77.104.in-addr.arpa

                                          DNS Request

                                          130.118.77.104.in-addr.arpa

                                        • 8.8.8.8:53
                                          154.2.16.2.in-addr.arpa
                                          dns
                                          69 B
                                          131 B
                                          1
Destination | Host | Proto | Process | Bytes sent / received | Packets sent / received | DNS detail
(continuation of the preceding row) packets received: 1 | DNS Request: 154.2.16.2.in-addr.arpa
• 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | dns | - | 72 B / 158 B | 1 / 1 | DNS Request: 11.227.111.52.in-addr.arpa
• 8.8.8.8:53 | hardstresser.com | dns | - | 62 B / 78 B | 1 / 1 | DNS Request: hardstresser.com; DNS Response: 185.178.208.158
• 8.8.8.8:53 | hardstresser.com | dns | - | 62 B / 124 B | 1 / 1 | DNS Request: hardstresser.com
• 8.8.8.8:53 | hardstresser.com | dns | - | 62 B / 78 B | 1 / 1 | DNS Request: hardstresser.com; DNS Response: 185.178.208.158
• 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | dns | - | 80 B / 199 B | 1 / 1 | DNS Request: nav-edge.smartscreen.microsoft.com; DNS Response: 51.11.108.188
• 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | dns | - | 80 B / 244 B | 1 / 1 | DNS Request: nav-edge.smartscreen.microsoft.com
• 8.8.8.8:53 | business.bing.com | dns | - | 63 B / 144 B | 1 / 1 | DNS Request: business.bing.com; DNS Response: 13.107.6.158
• 8.8.8.8:53 | business.bing.com | dns | - | 63 B / 171 B | 1 / 1 | DNS Request: business.bing.com
• 8.8.8.8:53 | www.microsoft.com | dns | - | 63 B / 230 B | 1 / 1 | DNS Request: www.microsoft.com; DNS Response: 72.246.173.187
• 8.8.8.8:53 | www.microsoft.com | dns | - | 63 B / 230 B | 1 / 1 | DNS Request: www.microsoft.com; DNS Response: 72.246.173.187
• 8.8.8.8:53 | www.microsoft.com | dns | - | 63 B / 275 B | 1 / 1 | DNS Request: www.microsoft.com
• 8.8.8.8:53 | 158.208.178.185.in-addr.arpa | dns | - | 74 B / 102 B | 1 / 1 | DNS Request: 158.208.178.185.in-addr.arpa
• 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | dns | - | 72 B / 137 B | 1 / 1 | DNS Request: 159.113.53.23.in-addr.arpa
• 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | dns | - | 72 B / 158 B | 1 / 1 | DNS Request: 188.108.11.51.in-addr.arpa
• 8.8.8.8:53 | 187.173.246.72.in-addr.arpa | dns | - | 73 B / 139 B | 1 / 1 | DNS Request: 187.173.246.72.in-addr.arpa
• 8.8.8.8:53 | bzib.nelreports.net | dns | - | 65 B / 172 B | 1 / 1 | DNS Request: bzib.nelreports.net; DNS Response: 23.73.139.27, 23.73.139.50
• 8.8.8.8:53 | bzib.nelreports.net | dns | - | 65 B / 204 B | 1 / 1 | DNS Request: bzib.nelreports.net
• 8.8.8.8:53 | www.microsoft.com | dns | - | 63 B / 230 B | 1 / 1 | DNS Request: www.microsoft.com; DNS Response: 72.246.173.187
• 8.8.8.8:53 | 27.139.73.23.in-addr.arpa | dns | - | 142 B / 135 B | 2 / 1 | DNS Request: 27.139.73.23.in-addr.arpa (2x)
• 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | dns | - | 146 B / 112 B | 2 / 1 | DNS Request: 10.180.250.142.in-addr.arpa (2x)
• 8.8.8.8:53 | client.crisp.chat | dns | - | 63 B / 95 B | 1 / 1 | DNS Request: client.crisp.chat; DNS Response: 104.18.29.104, 104.18.28.104
• 8.8.8.8:53 | client.crisp.chat | dns | - | 63 B / - | 1 / - | DNS Request: client.crisp.chat
• 8.8.8.8:53 | edgestatic.azureedge.net | dns | - | 70 B / - | 1 / - | DNS Request: edgestatic.azureedge.net
• 8.8.8.8:53 | edgestatic.azureedge.net | dns | - | 70 B / - | 1 / - | DNS Request: edgestatic.azureedge.net
• 8.8.8.8:53 | c.s-microsoft.com | dns | - | 63 B / 193 B | 1 / 1 | DNS Request: c.s-microsoft.com; DNS Response: 23.53.113.225
• 8.8.8.8:53 | c.s-microsoft.com | dns | - | 63 B / 238 B | 1 / 1 | DNS Request: c.s-microsoft.com
• 8.8.8.8:53 | 40.200.250.142.in-addr.arpa | dns | - | 73 B / 111 B | 1 / 1 | DNS Request: 40.200.250.142.in-addr.arpa
• 8.8.8.8:53 | 104.29.18.104.in-addr.arpa | dns | - | 72 B / 134 B | 1 / 1 | DNS Request: 104.29.18.104.in-addr.arpa
• 8.8.8.8:53 | client.relay.crisp.chat | dns | - | 69 B / 101 B | 1 / 1 | DNS Request: client.relay.crisp.chat; DNS Response: 159.89.97.13, 46.101.18.133
• 8.8.8.8:53 | client.relay.crisp.chat | dns | - | 69 B / 129 B | 1 / 1 | DNS Request: client.relay.crisp.chat
• 104.18.29.104:443 | client.crisp.chat | https | - | 2.2kB / 7.7kB | 10 / 12 | -
• 104.18.29.104:443 | client.crisp.chat | https | - | 4.5kB / 8.7kB | 14 / 15 | -
• 8.8.8.8:53 | edgestatic.azureedge.net | dns | - | 70 B / 245 B | 1 / 1 | DNS Request: edgestatic.azureedge.net; DNS Response: 13.107.246.64, 13.107.213.64
• 8.8.8.8:53 | edgestatic.azureedge.net | dns | - | 70 B / 273 B | 1 / 1 | DNS Request: edgestatic.azureedge.net
• 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | dns | - | 73 B / 112 B | 1 / 1 | DNS Request: 14.200.250.142.in-addr.arpa
• 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | dns | - | 71 B / 135 B | 1 / 1 | DNS Request: 155.61.62.23.in-addr.arpa
• 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | dns | - | 72 B / 158 B | 1 / 1 | DNS Request: 64.246.107.13.in-addr.arpa
• 8.8.8.8:53 | 13.97.89.159.in-addr.arpa | dns | - | 213 B / 118 B | 3 / 1 | DNS Request: 13.97.89.159.in-addr.arpa (3x)
• 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | dns | - | 332 B / 214 B | 4 / 1 | DNS Request: nw-umwatson.events.data.microsoft.com (4x); DNS Response: 104.208.16.94
• 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | dns | - | 72 B / 146 B | 1 / 1 | DNS Request: 94.16.208.104.in-addr.arpa
• 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | dns | - | 73 B / 147 B | 1 / 1 | DNS Request: 210.143.182.52.in-addr.arpa
• 8.8.8.8:53 | ipinfo.io | dns | WScript.exe | 55 B / 71 B | 1 / 1 | DNS Request: ipinfo.io; DNS Response: 34.117.186.192
• 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | dns | - | 146 B / 252 B | 2 / 2 | DNS Request: 192.186.117.34.in-addr.arpa (2x)
• 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | dns | nslookup.exe | 66 B / 90 B | 1 / 1 | DNS Request: 8.8.8.8.in-addr.arpa
• 8.8.8.8:53 | 172.167.10.53.in-addr.arpa | dns | nslookup.exe | 72 B / 151 B | 1 / 1 | DNS Request: 172.167.10.53.in-addr.arpa
• 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | dns | nslookup.exe | 66 B / 90 B | 1 / 1 | DNS Request: 8.8.8.8.in-addr.arpa
• 8.8.8.8:53 | google.com | dns | nslookup.exe | 56 B / 72 B | 1 / 1 | DNS Request: google.com; DNS Response: 142.250.179.238
• 8.8.8.8:53 | google.com | dns | nslookup.exe | 56 B / 84 B | 1 / 1 | DNS Request: google.com; DNS Response: 2a00:1450:4009:81d::200e

MITRE ATT&CK Enterprise v15

Downloads

• C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4ovmkuid.cza.ps1
  Filesize: 60B
  MD5: d17fe0a3f47be24a6453e9ef58c94641
  SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
  SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
  SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

• C:\Users\Admin\AppData\Local\Temp\response.txt
  Filesize: 269B
  MD5: 119f51264c1f12f2342d39ede961ad22
  SHA1: f1a94385c1c8db59e36631e399c6751530a6ad85
  SHA256: 2b07555e3e107b8653c96910264c711c751bfa69e18550e998f89b021b7e083e
  SHA512: 48ce66ea0a164b711315eb86f745f53ebae6931676960b1e3da936c4aed0daca6cb68120312a04cd261099b2a97ef84741e16ac1a7c094072dca78e1bfed183d

• C:\Users\Admin\AppData\Local\Temp\webclient.vbs
  Filesize: 552B
  MD5: ca7fb865eaa381eda9a18adb23ff2355
  SHA1: a321e8314811a5b43080e6787aed8753f7f8f1dc
  SHA256: c78ab830f8e3454b5082ba5271a56177341fe965ef7fbce8d7285ca596fdc73c
  SHA512: 365511f969570a7a2b295c24442fe4343b67988cf21c6e073f263d1b9424b9f10f7b19d512eab45e312c4273ef8e99d358774c74c18e138a22dee29d7f05a9db

• memory/4260-0-0x000001422ACD0000-0x000001422ACF2000-memory.dmp (Filesize: 136KB)
• memory/4260-10-0x00007FFCE8BB0000-0x00007FFCE9671000-memory.dmp (Filesize: 10.8MB)
• memory/4260-12-0x0000014228C50000-0x0000014228C60000-memory.dmp (Filesize: 64KB)
• memory/4260-11-0x0000014228C50000-0x0000014228C60000-memory.dmp (Filesize: 64KB)
• memory/4260-13-0x0000014228C50000-0x0000014228C60000-memory.dmp (Filesize: 64KB)
• memory/4260-16-0x00007FFCE8BB0000-0x00007FFCE9671000-memory.dmp (Filesize: 10.8MB)
