
Analysis

  • max time kernel
    132s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/05/2024, 08:33 UTC

General

  • Target

    2407804ea58bd26b67b6fe9f1ba154bb_JaffaCakes118.html

  • Size

    83KB

  • MD5

    2407804ea58bd26b67b6fe9f1ba154bb

  • SHA1

    743e5ff1a2a9a6e425ce2c1548e03e93983c852d

  • SHA256

    0e73ba823f4511c33a241f4d5b78ded35837dc541bbec667d62603ce27d2dbbc

  • SHA512

    7cefcc75d168c7c66b198b7596e19d6549274571eb4dae85a65c9e2744b14f6ab2fcf6dc54bed895b77c633bb6ce48b92dd457768dc8c4a9e9c7e8e0efb94f5d

  • SSDEEP

    1536:9R12AcZ7GLCIZlJufIAQhdIr5nmq6YAIAppoP6GUSRfrSUXAfLFOYc9XiMIwgV9p:cAcZ7PIZlJufIAQhdIr5nmq6YpAppoPc

Score
1/10

Malware Config

Signatures

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2407804ea58bd26b67b6fe9f1ba154bb_JaffaCakes118.html
    PID: 4300
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4832 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
      PID: 1368
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3224 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
        PID: 5096
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4004 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
          PID: 336
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5312 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
            PID: 4560
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5764 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
              PID: 2276

              Network

              • DNS
                business.bing.com
                Remote address:
                8.8.8.8:53
                Request
                business.bing.com
                IN A
                Response
                business.bing.com
                IN CNAME
                business-bing-com.b-0005.b-msedge.net
                business-bing-com.b-0005.b-msedge.net
                IN CNAME
                b-0005.b-dc-msedge.net
                b-0005.b-dc-msedge.net
                IN A
                13.107.9.158
              • DNS
                business.bing.com
                Remote address:
                8.8.8.8:53
                Request
                business.bing.com
                IN Unknown
                Response
                business.bing.com
                IN CNAME
                business-bing-com.b-0005.b-msedge.net
                business-bing-com.b-0005.b-msedge.net
                IN CNAME
                b-0005.b-dc-msedge.net
              • DNS
                ajax.googleapis.com
                Remote address:
                8.8.8.8:53
                Request
                ajax.googleapis.com
                IN A
                Response
                ajax.googleapis.com
                IN A
                216.58.204.74
              • DNS
                ajax.googleapis.com
                Remote address:
                8.8.8.8:53
                Request
                ajax.googleapis.com
                IN Unknown
                Response
              • DNS
                img.youtube.com
                Remote address:
                8.8.8.8:53
                Request
                img.youtube.com
                IN A
                Response
                img.youtube.com
                IN CNAME
                ytimg.l.google.com
                ytimg.l.google.com
                IN A
                142.250.180.14
                ytimg.l.google.com
                IN A
                142.250.187.206
                ytimg.l.google.com
                IN A
                142.250.187.238
                ytimg.l.google.com
                IN A
                142.250.178.14
                ytimg.l.google.com
                IN A
                172.217.16.238
                ytimg.l.google.com
                IN A
                142.250.200.14
                ytimg.l.google.com
                IN A
                142.250.200.46
                ytimg.l.google.com
                IN A
                216.58.201.110
                ytimg.l.google.com
                IN A
                216.58.204.78
                ytimg.l.google.com
                IN A
                216.58.213.14
                ytimg.l.google.com
                IN A
                172.217.169.14
                ytimg.l.google.com
                IN A
                216.58.212.238
                ytimg.l.google.com
                IN A
                172.217.169.78
                ytimg.l.google.com
                IN A
                172.217.169.46
                ytimg.l.google.com
                IN A
                142.250.179.238
              • DNS
                img.youtube.com
                Remote address:
                8.8.8.8:53
                Request
                img.youtube.com
                IN Unknown
                Response
                img.youtube.com
                IN CNAME
                ytimg.l.google.com
              • GET
                http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
                Remote address:
                216.58.204.74:80
                Request
                GET /ajax/libs/jquery/1.7.2/jquery.min.js HTTP/1.1
                Host: ajax.googleapis.com
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
                DNT: 1
                Accept: */*
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Response
                HTTP/1.1 200 OK
                Accept-Ranges: bytes
                Content-Encoding: gzip
                Access-Control-Allow-Origin: *
                Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
                Cross-Origin-Resource-Policy: cross-origin
                Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
                Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
                Timing-Allow-Origin: *
                Content-Length: 33845
                X-Content-Type-Options: nosniff
                Server: sffe
                X-XSS-Protection: 0
                Date: Sat, 04 May 2024 06:16:02 GMT
                Expires: Sun, 04 May 2025 06:16:02 GMT
                Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
                Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
                Content-Type: text/javascript; charset=UTF-8
                Vary: Accept-Encoding
                Age: 353856
              • GET
                http://fonts.googleapis.com/css?family=Roboto:700|Roboto:normal&subset=latin
                Remote address:
                216.58.204.74:80
                Request
                GET /css?family=Roboto:700|Roboto:normal&subset=latin HTTP/1.1
                Host: fonts.googleapis.com
                Connection: keep-alive
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
                DNT: 1
                Accept: text/css,*/*;q=0.1
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Response
                HTTP/1.1 200 OK
                Content-Type: text/css; charset=utf-8
                Access-Control-Allow-Origin: *
                Timing-Allow-Origin: *
                Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
                Expires: Wed, 08 May 2024 08:33:38 GMT
                Date: Wed, 08 May 2024 08:33:38 GMT
                Cache-Control: private, max-age=86400, stale-while-revalidate=604800
                Last-Modified: Wed, 08 May 2024 08:33:38 GMT
                Cross-Origin-Resource-Policy: cross-origin
                Cross-Origin-Opener-Policy: same-origin-allow-popups
                Content-Encoding: gzip
                Transfer-Encoding: chunked
                Server: ESF
                X-XSS-Protection: 0
                X-Frame-Options: SAMEORIGIN
                X-Content-Type-Options: nosniff
              • DNS
                www.microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                www.microsoft.com
                IN A
                Response
                www.microsoft.com
                IN CNAME
                www.microsoft.com-c-3.edgekey.net
                www.microsoft.com-c-3.edgekey.net
                IN CNAME
                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                IN CNAME
                e13678.dscb.akamaiedge.net
                e13678.dscb.akamaiedge.net
                IN A
                2.21.17.194
              • DNS
                www.microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                www.microsoft.com
                IN Unknown
                Response
                www.microsoft.com
                IN CNAME
                www.microsoft.com-c-3.edgekey.net
                www.microsoft.com-c-3.edgekey.net
                IN CNAME
                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                IN CNAME
                e13678.dscb.akamaiedge.net
              • DNS
                go.oclaserver.com
                Remote address:
                8.8.8.8:53
                Request
                go.oclaserver.com
                IN A
                Response
                go.oclaserver.com
                IN A
                139.45.197.236
              • GET
                http://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
                Remote address:
                216.58.212.227:80
                Request
                GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
                Host: fonts.gstatic.com
                Connection: keep-alive
                Origin: null
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
                DNT: 1
                Accept: */*
                Referer: http://fonts.googleapis.com/
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Response
                HTTP/1.1 200 OK
                Accept-Ranges: bytes
                Access-Control-Allow-Origin: *
                Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
                Cross-Origin-Resource-Policy: cross-origin
                Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
                Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
                Timing-Allow-Origin: *
                Content-Length: 15860
                X-Content-Type-Options: nosniff
                Server: sffe
                X-XSS-Protection: 0
                Date: Sat, 04 May 2024 10:12:32 GMT
                Expires: Sun, 04 May 2025 10:12:32 GMT
                Cache-Control: public, max-age=31536000
                Last-Modified: Wed, 11 May 2022 19:24:42 GMT
                Content-Type: font/woff2
                Age: 339691
              • GET
                http://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
                Remote address:
                216.58.212.227:80
                Request
                GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
                Host: fonts.gstatic.com
                Connection: keep-alive
                Origin: null
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
                DNT: 1
                Accept: */*
                Referer: http://fonts.googleapis.com/
                Accept-Encoding: gzip, deflate
                Accept-Language: en-US,en;q=0.9
                Response
                HTTP/1.1 200 OK
                Accept-Ranges: bytes
                Access-Control-Allow-Origin: *
                Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
                Cross-Origin-Resource-Policy: cross-origin
                Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
                Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
                Timing-Allow-Origin: *
                Content-Length: 15744
                X-Content-Type-Options: nosniff
                Server: sffe
                X-XSS-Protection: 0
                Date: Sun, 05 May 2024 07:59:41 GMT
                Expires: Mon, 05 May 2025 07:59:41 GMT
                Cache-Control: public, max-age=31536000
                Last-Modified: Wed, 11 May 2022 19:24:48 GMT
                Content-Type: font/woff2
                Age: 261262
              • DNS
                bzib.nelreports.net
                Remote address:
                8.8.8.8:53
                Request
                bzib.nelreports.net
                IN A
                Response
                bzib.nelreports.net
                IN CNAME
                bzib.nelreports.net.akamaized.net
                bzib.nelreports.net.akamaized.net
                IN CNAME
                a416.dscd.akamai.net
                a416.dscd.akamai.net
                IN A
                96.16.53.162
                a416.dscd.akamai.net
                IN A
                96.16.53.149
              • DNS
                bzib.nelreports.net
                Remote address:
                8.8.8.8:53
                Request
                bzib.nelreports.net
                IN Unknown
                Response
                bzib.nelreports.net
                IN CNAME
                bzib.nelreports.net.akamaized.net
                bzib.nelreports.net.akamaized.net
                IN CNAME
                a416.dscd.akamai.net
              • DNS
                159.113.53.23.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                159.113.53.23.in-addr.arpa
                IN PTR
                Response
                159.113.53.23.in-addr.arpa
                IN PTR
                a23-53-113-159.deploy.static.akamaitechnologies.com
              • DNS
                74.204.58.216.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                74.204.58.216.in-addr.arpa
                IN PTR
                Response
                74.204.58.216.in-addr.arpa
                IN PTR
                lhr25s13-in-f10.1e100.net
                74.204.58.216.in-addr.arpa
                IN PTR
                lhr48s49-in-f10.1e100.net
                74.204.58.216.in-addr.arpa
                IN PTR
                lhr25s13-in-f74.1e100.net
              • DNS
                158.9.107.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                158.9.107.13.in-addr.arpa
                IN PTR
                Response
              • DNS
                14.180.250.142.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                14.180.250.142.in-addr.arpa
                IN PTR
                Response
                14.180.250.142.in-addr.arpa
                IN PTR
                lhr25s32-in-f14.1e100.net
              • DNS
                227.212.58.216.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                227.212.58.216.in-addr.arpa
                IN PTR
                Response
                227.212.58.216.in-addr.arpa
                IN PTR
                ams16s22-in-f3.1e100.net
                227.212.58.216.in-addr.arpa
                IN PTR
                lhr25s28-in-f3.1e100.net
                227.212.58.216.in-addr.arpa
                IN PTR
                ams16s22-in-f227.1e100.net
              • DNS
                194.17.21.2.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                194.17.21.2.in-addr.arpa
                IN PTR
                Response
                194.17.21.2.in-addr.arpa
                IN PTR
                a2-21-17-194.deploy.static.akamaitechnologies.com
              • DNS
                162.53.16.96.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                162.53.16.96.in-addr.arpa
                IN PTR
                Response
                162.53.16.96.in-addr.arpa
                IN PTR
                a96-16-53-162.deploy.static.akamaitechnologies.com
              • DNS
                www.microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                www.microsoft.com
                IN A
                Response
                www.microsoft.com
                IN CNAME
                www.microsoft.com-c-3.edgekey.net
                www.microsoft.com-c-3.edgekey.net
                IN CNAME
                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                IN CNAME
                e13678.dscb.akamaiedge.net
                e13678.dscb.akamaiedge.net
                IN A
                2.21.17.194
              • DNS
                nav-edge.smartscreen.microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                nav-edge.smartscreen.microsoft.com
                IN A
                Response
                nav-edge.smartscreen.microsoft.com
                IN CNAME
                tm-prod-wd-csp-edge.trafficmanager.net
                tm-prod-wd-csp-edge.trafficmanager.net
                IN CNAME
                prod-agic-us-1.uksouth.cloudapp.azure.com
                prod-agic-us-1.uksouth.cloudapp.azure.com
                IN A
                13.87.96.169
              • DNS
                nav-edge.smartscreen.microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                nav-edge.smartscreen.microsoft.com
                IN Unknown
                Response
                nav-edge.smartscreen.microsoft.com
                IN CNAME
                tm-prod-wd-csp-edge.trafficmanager.net
                tm-prod-wd-csp-edge.trafficmanager.net
                IN CNAME
                prod-agic-us-3.uksouth.cloudapp.azure.com
              • DNS
                www.microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                www.microsoft.com
                IN A
                Response
                www.microsoft.com
                IN CNAME
                www.microsoft.com-c-3.edgekey.net
                www.microsoft.com-c-3.edgekey.net
                IN CNAME
                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                IN CNAME
                e13678.dscb.akamaiedge.net
                e13678.dscb.akamaiedge.net
                IN A
                2.21.17.194
              • DNS
                go.oclaserver.com
                Remote address:
                8.8.8.8:53
                Request
                go.oclaserver.com
                IN A
                Response
                go.oclaserver.com
                IN A
                139.45.197.236
              • DNS
                edgestatic.azureedge.net
                Remote address:
                8.8.8.8:53
                Request
                edgestatic.azureedge.net
                IN A
                Response
                edgestatic.azureedge.net
                IN CNAME
                edgestatic.afd.azureedge.net
                edgestatic.afd.azureedge.net
                IN CNAME
                azureedge-t-prod.trafficmanager.net
                azureedge-t-prod.trafficmanager.net
                IN CNAME
                shed.dual-low.part-0036.t-0009.t-msedge.net
                shed.dual-low.part-0036.t-0009.t-msedge.net
                IN CNAME
                global-entry-afdthirdparty-fallback-first.trafficmanager.net
                global-entry-afdthirdparty-fallback-first.trafficmanager.net
                IN CNAME
                dual.part-0036.t-0009.fb-t-msedge.net
                dual.part-0036.t-0009.fb-t-msedge.net
                IN CNAME
                part-0036.t-0009.fb-t-msedge.net
                part-0036.t-0009.fb-t-msedge.net
                IN A
                13.107.253.64
                part-0036.t-0009.fb-t-msedge.net
                IN A
                13.107.226.64
              • DNS
                edgestatic.azureedge.net
                Remote address:
                8.8.8.8:53
                Request
                edgestatic.azureedge.net
                IN Unknown
                Response
                edgestatic.azureedge.net
                IN CNAME
                edgestatic.afd.azureedge.net
                edgestatic.afd.azureedge.net
                IN CNAME
                azureedge-t-prod.trafficmanager.net
                azureedge-t-prod.trafficmanager.net
                IN CNAME
                shed.dual-low.part-0036.t-0009.t-msedge.net
                shed.dual-low.part-0036.t-0009.t-msedge.net
                IN CNAME
                part-0036.t-0009.t-msedge.net
              • DNS
                c.s-microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                c.s-microsoft.com
                IN A
                Response
                c.s-microsoft.com
                IN CNAME
                c-s.cms.ms.akadns.net
                c-s.cms.ms.akadns.net
                IN CNAME
                c.s-microsoft.com-c.edgekey.net
                c.s-microsoft.com-c.edgekey.net
                IN CNAME
                e13678.dscg.akamaiedge.net
                e13678.dscg.akamaiedge.net
                IN A
                23.53.113.225
              • DNS
                c.s-microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                c.s-microsoft.com
                IN Unknown
                Response
                c.s-microsoft.com
                IN CNAME
                c-s.cms.ms.akadns.net
                c-s.cms.ms.akadns.net
                IN CNAME
                c.s-microsoft.com-c.edgekey.net
                c.s-microsoft.com-c.edgekey.net
                IN CNAME
                e13678.dscg.akamaiedge.net
              • DNS
                169.96.87.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                169.96.87.13.in-addr.arpa
                IN PTR
                Response
              • DNS
                183.142.211.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                183.142.211.20.in-addr.arpa
                IN PTR
              • DNS
                95.221.229.192.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                95.221.229.192.in-addr.arpa
                IN PTR
                Response
              • DNS
                134.32.126.40.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                134.32.126.40.in-addr.arpa
                IN PTR
                Response
              • DNS
                97.17.167.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                97.17.167.52.in-addr.arpa
                IN PTR
                Response
              • DNS
                nw-umwatson.events.data.microsoft.com
                Remote address:
                8.8.8.8:53
                Request
                nw-umwatson.events.data.microsoft.com
                IN A
                Response
                nw-umwatson.events.data.microsoft.com
                IN CNAME
                blobcollector.events.data.trafficmanager.net
                blobcollector.events.data.trafficmanager.net
                IN CNAME
                onedsblobprdwus16.westus.cloudapp.azure.com
                onedsblobprdwus16.westus.cloudapp.azure.com
                IN A
                20.189.173.21
              • POST
                https://nw-umwatson.events.data.microsoft.com/Telemetry.Request
                Remote address:
                20.189.173.21:443
                Request
                POST /Telemetry.Request HTTP/1.1
                Connection: Keep-Alive
                Content-Type: application/xml
                User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
                MSA_DeviceTicket: t=…&p=
                Content-Length: 3685
                Host: nw-umwatson.events.data.microsoft.com
                Response
                HTTP/1.1 200 200 OK
                Content-Length: 634
                Content-Type: text/xml
                Server: Microsoft-HTTPAPI/2.0
                Strict-Transport-Security: max-age=31536000
                Date: Wed, 08 May 2024 08:33:58 GMT
              • DNS
                21.173.189.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                21.173.189.20.in-addr.arpa
                IN PTR
                Response
              • DNS
                connect.facebook.net
                Remote address:
                8.8.8.8:53
                Request
                connect.facebook.net
                IN A
                Response
                connect.facebook.net
                IN CNAME
                scontent.xx.fbcdn.net
                scontent.xx.fbcdn.net
                IN A
                163.70.151.21
              • DNS
                connect.facebook.net
                Remote address:
                8.8.8.8:53
                Request
                connect.facebook.net
                IN A
                Response
                connect.facebook.net
                IN CNAME
                scontent.xx.fbcdn.net
                scontent.xx.fbcdn.net
                IN A
                163.70.151.21
              • DNS
                86.23.85.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                86.23.85.13.in-addr.arpa
                IN PTR
                Response
              • DNS
                56.126.166.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                56.126.166.20.in-addr.arpa
                IN PTR
                Response
              • DNS
                133.211.185.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                133.211.185.52.in-addr.arpa
                IN PTR
                Response
              • DNS
                172.210.232.199.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                172.210.232.199.in-addr.arpa
                IN PTR
                Response
              • DNS
                155.61.62.23.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                155.61.62.23.in-addr.arpa
                IN PTR
                Response
                155.61.62.23.in-addr.arpa
                IN PTR
                a23-62-61-155.deploy.static.akamaitechnologies.com
              • DNS
                14.227.111.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                14.227.111.52.in-addr.arpa
                IN PTR
                Response
              • 216.58.204.74:80  http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js  http  sent 1.2kB, received 36.1kB, packets 19/32
                HTTP Request: GET http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js -> HTTP Response: 200
              • 216.58.204.74:80  http://fonts.googleapis.com/css?family=Roboto:700|Roboto:normal&subset=latin  http  sent 680 B, received 1.6kB, packets 7/7
                HTTP Request: GET http://fonts.googleapis.com/css?family=Roboto:700|Roboto:normal&subset=latin -> HTTP Response: 200
              • 13.107.9.158:443  business.bing.com  tls  sent 2.0kB, received 9.9kB, packets 18/23
              • 142.250.180.14:443  img.youtube.com  tls  sent 6.8kB, received 156.8kB, packets 108/127
              • 142.250.180.14:443  img.youtube.com  sent 52 B, packets 1
              • 142.250.180.14:443  img.youtube.com  sent 52 B, packets 1
              • 142.250.180.14:443  img.youtube.com  tls  sent 1.1kB, received 8.4kB, packets 10/10
              • 142.250.180.14:443  img.youtube.com  tls  sent 1.0kB, received 8.4kB, packets 10/10
              • 142.250.180.14:443  img.youtube.com  tls  sent 1.1kB, received 8.4kB, packets 10/10
              • 139.45.197.236:445  go.oclaserver.com  sent 208 B, packets 4
              • 2.21.17.194:443  www.microsoft.com  tls  sent 2.8kB, received 22.8kB, packets 26/36
              • 216.58.212.227:80  http://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2  http  sent 1.7kB, received 34.4kB, packets 20/30
                HTTP Request: GET http://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 -> HTTP Response: 200
                HTTP Request: GET http://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 -> HTTP Response: 200
              • 96.16.53.162:443  bzib.nelreports.net  tls  sent 2.6kB, received 6.0kB, packets 13/15
              • 13.87.96.169:443  nav-edge.smartscreen.microsoft.com  tls  sent 13.0kB, received 14.0kB, packets 35/34
              • 13.87.96.169:443  nav-edge.smartscreen.microsoft.com  sent 52 B, packets 1
              • 13.87.96.169:443  nav-edge.smartscreen.microsoft.com  sent 98 B, received 52 B, packets 2/1
              • 13.107.253.64:443  edgestatic.azureedge.net  tls  sent 1.7kB, received 7.8kB, packets 12/13
              • 13.107.253.64:443  edgestatic.azureedge.net  tls  sent 1.9kB, received 8.1kB, packets 16/18
              • 13.107.253.64:443  edgestatic.azureedge.net  tls  sent 69.1kB, received 2.8MB, packets 1324/2039
              • 139.45.197.236:139  go.oclaserver.com  sent 156 B, packets 3
              • 13.107.253.64:443  edgestatic.azureedge.net  tls, https  sent 184 B, received 275 B, packets 4/5
              • 13.107.246.64:443  tls, https  sent 184 B, received 275 B, packets 4/5
              • 216.58.201.106:443  sent 46 B, received 40 B, packets 1/1
              • 20.189.173.21:443  https://nw-umwatson.events.data.microsoft.com/Telemetry.Request  tls, http  sent 5.9kB, received 7.6kB, packets 13/11
                HTTP Request: POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request -> HTTP Response: 200
              • 163.70.151.21:445  connect.facebook.net  sent 260 B, packets 5
              • 163.70.151.21:139  connect.facebook.net  sent 260 B, packets 5
              • 142.250.179.238:445  www.google-analytics.com  sent 260 B, packets 5
              • 142.250.179.238:139  www.google-analytics.com  sent 260 B, packets 5
              • 23.62.61.155:443  www.bing.com  tls  sent 1.0kB, received 5.1kB, packets 9/11
              • 23.62.61.155:443  www.bing.com  tls  sent 1.3kB, received 906 B, packets 7/7
              • 8.8.8.8:53  business.bing.com  dns  sent 63 B, received 163 B, packets 1/1
                DNS Request: business.bing.com -> DNS Response: 13.107.9.158
              • 8.8.8.8:53  business.bing.com  dns  sent 63 B, received 204 B, packets 1/1
                DNS Request: business.bing.com
              • 8.8.8.8:53  ajax.googleapis.com  dns  sent 65 B, received 81 B, packets 1/1
                DNS Request: ajax.googleapis.com -> DNS Response: 216.58.204.74
              • 8.8.8.8:53  ajax.googleapis.com  dns  sent 65 B, received 122 B, packets 1/1
                DNS Request: ajax.googleapis.com
              • 8.8.8.8:53  img.youtube.com  dns  sent 61 B, received 330 B, packets 1/1
                DNS Request: img.youtube.com -> DNS Response: 142.250.180.14, 142.250.187.206, 142.250.187.238, 142.250.178.14, 172.217.16.238, 142.250.200.14, 142.250.200.46, 216.58.201.110, 216.58.204.78, 216.58.213.14, 172.217.169.14, 216.58.212.238, 172.217.169.78, 172.217.169.46, 142.250.179.238
              • 8.8.8.8:53  img.youtube.com  dns  sent 61 B, received 140 B, packets 1/1
                DNS Request: img.youtube.com
              • 8.8.8.8:53  www.microsoft.com  dns  sent 63 B, received 230 B, packets 1/1
                DNS Request: www.microsoft.com -> DNS Response: 2.21.17.194
              • 8.8.8.8:53  www.microsoft.com  dns  sent 63 B, received 275 B, packets 1/1
                DNS Request: www.microsoft.com
              • 8.8.8.8:53  go.oclaserver.com  dns  sent 63 B, received 79 B, packets 1/1
                DNS Request: go.oclaserver.com -> DNS Response: 139.45.197.236
              • 8.8.8.8:53  bzib.nelreports.net  dns  sent 65 B, received 172 B, packets 1/1
                DNS Request: bzib.nelreports.net -> DNS Response: 96.16.53.162, 96.16.53.149
              • 8.8.8.8:53  bzib.nelreports.net  dns  sent 65 B, received 204 B, packets 1/1
                DNS Request: bzib.nelreports.net
              • 142.250.180.14:443  img.youtube.com  https  sent 14.2kB, received 454.9kB, packets 149/426
              • 8.8.8.8:53  159.113.53.23.in-addr.arpa  dns  sent 72 B, received 137 B, packets 1/1
                DNS Request: 159.113.53.23.in-addr.arpa
              • 8.8.8.8:53  74.204.58.216.in-addr.arpa  dns  sent 72 B, received 171 B, packets 1/1
                DNS Request: 74.204.58.216.in-addr.arpa
              • 8.8.8.8:53  158.9.107.13.in-addr.arpa  dns  sent 71 B, received 157 B, packets 1/1
                DNS Request: 158.9.107.13.in-addr.arpa
              • 8.8.8.8:53  14.180.250.142.in-addr.arpa  dns  sent 73 B, received 112 B, packets 1/1
                DNS Request: 14.180.250.142.in-addr.arpa
              • 8.8.8.8:53  227.212.58.216.in-addr.arpa  dns  sent 73 B, received 171 B, packets 1/1
                DNS Request: 227.212.58.216.in-addr.arpa
              • 8.8.8.8:53  194.17.21.2.in-addr.arpa  dns  sent 70 B, received 133 B, packets 1/1
                DNS Request: 194.17.21.2.in-addr.arpa
              • 8.8.8.8:53  162.53.16.96.in-addr.arpa  dns  sent 71 B, received 135 B, packets 1/1
                DNS Request: 162.53.16.96.in-addr.arpa
              • 8.8.8.8:53  www.microsoft.com  dns  sent 63 B, received 230 B, packets 1/1
                DNS Request: www.microsoft.com -> DNS Response: 2.21.17.194
              • 8.8.8.8:53  nav-edge.smartscreen.microsoft.com  dns  sent 80 B, received 200 B, packets 1/1
                DNS Request: nav-edge.smartscreen.microsoft.com -> DNS Response: 13.87.96.169
              • 8.8.8.8:53  nav-edge.smartscreen.microsoft.com  dns  sent 80 B, received 244 B, packets 1/1
                DNS Request: nav-edge.smartscreen.microsoft.com
              • 8.8.8.8:53  www.microsoft.com  dns  sent 63 B, received 230 B, packets 1/1
                DNS Request: www.microsoft.com -> DNS Response: 2.21.17.194
              • 8.8.8.8:53  go.oclaserver.com  dns  sent 63 B, received 79 B, packets 1/1
                DNS Request: go.oclaserver.com -> DNS Response: 139.45.197.236
              • 8.8.8.8:53  edgestatic.azureedge.net  dns  sent 70 B, received 349 B, packets 1/1
                DNS Request: edgestatic.azureedge.net -> DNS Response: 13.107.253.64, 13.107.226.64
              • 8.8.8.8:53  edgestatic.azureedge.net  dns  sent 70 B, received 273 B, packets 1/1
                DNS Request: edgestatic.azureedge.net
              • 8.8.8.8:53  c.s-microsoft.com  dns  sent 63 B, received 193 B, packets 1/1
                DNS Request: c.s-microsoft.com -> DNS Response: 23.53.113.225
              • 8.8.8.8:53  c.s-microsoft.com  dns  sent 63 B, received 238 B, packets 1/1
                DNS Request: c.s-microsoft.com
              • 8.8.8.8:53  169.96.87.13.in-addr.arpa  dns  sent 71 B, received 145 B, packets 1/1
                DNS Request: 169.96.87.13.in-addr.arpa
              • 8.8.8.8:53  183.142.211.20.in-addr.arpa  dns  sent 73 B, packets 1
                DNS Request: 183.142.211.20.in-addr.arpa
              • 8.8.8.8:53  95.221.229.192.in-addr.arpa  dns  sent 73 B, received 144 B, packets 1/1
                DNS Request: 95.221.229.192.in-addr.arpa
              • 8.8.8.8:53  134.32.126.40.in-addr.arpa  dns  sent 72 B, received 158 B, packets 1/1
                DNS Request: 134.32.126.40.in-addr.arpa
              • 8.8.8.8:53  97.17.167.52.in-addr.arpa  dns  sent 71 B, received 145 B, packets 1/1
                DNS Request: 97.17.167.52.in-addr.arpa
              • 8.8.8.8:53  nw-umwatson.events.data.microsoft.com  dns  sent 83 B, received 211 B, packets 1/1
                DNS Request: nw-umwatson.events.data.microsoft.com -> DNS Response: 20.189.173.21
              • 8.8.8.8:53  21.173.189.20.in-addr.arpa  dns  sent 72 B, received 158 B, packets 1/1
                DNS Request: 21.173.189.20.in-addr.arpa
              • 8.8.8.8:53  connect.facebook.net  dns  sent 66 B, received 114 B, packets 1/1
                DNS Request: connect.facebook.net -> DNS Response: 163.70.151.21
              • 8.8.8.8:53  connect.facebook.net  dns  sent 66 B, received 114 B, packets 1/1
                DNS Request: connect.facebook.net -> DNS Response: 163.70.151.21
              • 8.8.8.8:53  86.23.85.13.in-addr.arpa  dns  sent 70 B, received 144 B, packets 1/1
                DNS Request: 86.23.85.13.in-addr.arpa
              • 8.8.8.8:53  56.126.166.20.in-addr.arpa  dns  sent 72 B, received 158 B, packets 1/1
                DNS Request: 56.126.166.20.in-addr.arpa
              • 8.8.8.8:53  133.211.185.52.in-addr.arpa  dns  sent 73 B, received 147 B, packets 1/1
                DNS Request: 133.211.185.52.in-addr.arpa
              • 8.8.8.8:53  172.210.232.199.in-addr.arpa  dns  sent 74 B, received 128 B, packets 1/1
                DNS Request: 172.210.232.199.in-addr.arpa
              • 8.8.8.8:53  155.61.62.23.in-addr.arpa  dns  sent 71 B, received 135 B, packets 1/1
                DNS Request: 155.61.62.23.in-addr.arpa
              • 224.0.0.251:5353  sent 204 B, packets 3
              • 8.8.8.8:53  14.227.111.52.in-addr.arpa  dns  sent 72 B, received 158 B, packets 1/1
                DNS Request: 14.227.111.52.in-addr.arpa
