hxxps://connect[.]hexagongeosystems[.]com/webmail/665443/914897433/5d7f480abd9790d4b9e642d15acb27406aabb524f21c8613773a2fbf386697ee

Analysis

max time kernel
131s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 14:46 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://connect.hexagongeosystems.com/webmail/665443/914897433/5d7f480abd9790d4b9e642d15acb27406aabb524f21c8613773a2fbf386697ee

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://connect.hexagongeosystems.com/webmail/665443/914897433/5d7f480abd9790d4b9e642d15acb27406aabb524f21c8613773a2fbf386697ee
1⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4740,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:1
1⤵
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4196,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:1
1⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5392,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:1
1⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5544,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:8
1⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5576,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
1⤵
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6072,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
1⤵
PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6220,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:1
1⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5924,i,5469445176230119590,7931734017267321834,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:8
1⤵
PID:3836

Network

DNS

api.edgeoffer.microsoft.com

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN A

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

IN A

94.245.104.56
DNS

api.edgeoffer.microsoft.com

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN Unknown

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN A

Response

connect.hexagongeosystems.com

IN CNAME

go.pardot.com

go.pardot.com

IN CNAME

pi.pardot.com

pi.pardot.com

IN CNAME

pi-ue1.pardot.com

pi-ue1.pardot.com

IN CNAME

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

34.237.219.119

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

52.54.96.194

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

3.92.120.28

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

3.215.172.219

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

18.208.125.13
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN Unknown

Response

connect.hexagongeosystems.com

IN CNAME

go.pardot.com

go.pardot.com

IN CNAME

pi.pardot.com

pi.pardot.com

IN CNAME

pi-ue1.pardot.com

pi-ue1.pardot.com

IN CNAME

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN A
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

119.219.237.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.219.237.34.in-addr.arpa

IN PTR

Response

119.219.237.34.in-addr.arpa

IN PTR

ec2-34-237-219-119 compute-1 amazonawscom
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN A
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

56.104.245.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.104.245.94.in-addr.arpa

IN PTR

Response
DNS

56.104.245.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.104.245.94.in-addr.arpa

IN PTR
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

2.20.12.87

a416.dscd.akamai.net

IN A

2.20.12.101
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

hexagon.blob.core.windows.net

Remote address:

8.8.8.8:53

Request

hexagon.blob.core.windows.net

IN A

Response

hexagon.blob.core.windows.net

IN CNAME

blob.blz25prdstr05a.store.core.windows.net

blob.blz25prdstr05a.store.core.windows.net

IN A

20.209.162.193
DNS

hexagon.blob.core.windows.net

Remote address:

8.8.8.8:53

Request

hexagon.blob.core.windows.net

IN Unknown

Response

hexagon.blob.core.windows.net

IN CNAME

blob.blz25prdstr05a.store.core.windows.net
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

storage.pardot.com

Remote address:

8.8.8.8:53

Request

storage.pardot.com

IN A

Response

storage.pardot.com

IN CNAME

dyp9ewo5xs1mw.cloudfront.net

dyp9ewo5xs1mw.cloudfront.net

IN A

108.156.22.25

dyp9ewo5xs1mw.cloudfront.net

IN A

108.156.22.96

dyp9ewo5xs1mw.cloudfront.net

IN A

108.156.22.13

dyp9ewo5xs1mw.cloudfront.net

IN A

108.156.22.122
DNS

storage.pardot.com

Remote address:

8.8.8.8:53

Request

storage.pardot.com

IN Unknown

Response

storage.pardot.com

IN CNAME

dyp9ewo5xs1mw.cloudfront.net
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

87.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

87.12.20.2.in-addr.arpa

IN PTR

Response

87.12.20.2.in-addr.arpa

IN PTR

a2-20-12-87deploystaticakamaitechnologiescom
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-3.ukwest.cloudapp.azure.com

prod-agic-uw-3.ukwest.cloudapp.azure.com

IN A

51.11.108.188
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com
DNS

25.22.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.22.156.108.in-addr.arpa

IN PTR

Response

25.22.156.108.in-addr.arpa

IN PTR

server-108-156-22-25hel51r cloudfrontnet
DNS

193.162.209.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.162.209.20.in-addr.arpa

IN PTR

Response
DNS

188.108.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.108.11.51.in-addr.arpa

IN PTR

Response
DNS

130.143.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

130.143.123.92.in-addr.arpa

IN PTR

Response

130.143.123.92.in-addr.arpa

IN PTR

a92-123-143-130deploystaticakamaitechnologiescom
DNS

57.110.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.110.18.2.in-addr.arpa

IN PTR

Response

57.110.18.2.in-addr.arpa

IN PTR

a2-18-110-57deploystaticakamaitechnologiescom
DNS

pi.pardot.com

Remote address:

8.8.8.8:53

Request

pi.pardot.com

IN A
DNS

pi.pardot.com

Remote address:

8.8.8.8:53

Request

pi.pardot.com

IN Unknown
DNS

pi.pardot.com

Remote address:

8.8.8.8:53

Request

pi.pardot.com

IN A

Response

pi.pardot.com

IN CNAME

pi-ue1.pardot.com

pi-ue1.pardot.com

IN CNAME

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

3.215.172.219

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

34.237.219.119

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

3.92.120.28

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

18.208.125.13

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

52.54.96.194
DNS

pi.pardot.com

Remote address:

8.8.8.8:53

Request

pi.pardot.com

IN Unknown

Response

pi.pardot.com

IN CNAME

pi-ue1.pardot.com

pi-ue1.pardot.com

IN CNAME

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com
DNS

219.172.215.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.172.215.3.in-addr.arpa

IN PTR

Response

219.172.215.3.in-addr.arpa

IN PTR

ec2-3-215-172-219 compute-1 amazonawscom
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

144.245.100.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.245.100.95.in-addr.arpa

IN PTR

Response

144.245.100.95.in-addr.arpa

IN PTR

a95-100-245-144deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

2.18.109.131
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

107.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.12.20.2.in-addr.arpa

IN PTR

Response

107.12.20.2.in-addr.arpa

IN PTR

a2-20-12-107deploystaticakamaitechnologiescom
DNS

107.12.20.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.12.20.2.in-addr.arpa

IN PTR
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN A
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN Unknown
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN A
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN Unknown
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN A

Response

connect.hexagongeosystems.com

IN CNAME

go.pardot.com

go.pardot.com

IN CNAME

pi.pardot.com

pi.pardot.com

IN CNAME

pi-ue1.pardot.com

pi-ue1.pardot.com

IN CNAME

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

52.54.96.194

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

3.92.120.28

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

3.215.172.219

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

18.208.125.13

pi-ue1-public-lb-f0209c6950285322.elb.us-east-1.amazonaws.com

IN A

34.237.219.119
DNS

connect.hexagongeosystems.com

Remote address:

8.8.8.8:53

Request

connect.hexagongeosystems.com

IN A
DNS

57.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.142.123.92.in-addr.arpa

IN PTR

Response

57.142.123.92.in-addr.arpa

IN PTR

a92-123-142-57deploystaticakamaitechnologiescom
DNS

88.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.65.42.20.in-addr.arpa

IN PTR

Response

34.237.219.119:443

connect.hexagongeosystems.com

tls

8.4kB
14.9kB
23
23
34.237.219.119:443

connect.hexagongeosystems.com

tls

3.3kB
5.1kB
14
13
94.245.104.56:443

api.edgeoffer.microsoft.com

tls

3.2kB
6.8kB
14
12
94.245.104.56:443

api.edgeoffer.microsoft.com

tls

3.5kB
7.6kB
14
15
13.107.6.158:443

business.bing.com

tls

5.2kB
10.1kB
22
23
2.20.12.87:443

bzib.nelreports.net

tls

4.0kB
6.8kB
14
11
34.237.219.119:443

connect.hexagongeosystems.com

tls

3.1kB
5.1kB
12
12
20.209.162.193:443

hexagon.blob.core.windows.net

tls

2.3kB
512 B
10
11
20.209.162.193:443

hexagon.blob.core.windows.net

tls

4.5kB
10.0kB
19
18
20.209.162.193:443

hexagon.blob.core.windows.net

tls

5.3kB
11.4kB
21
20
20.209.162.193:443

hexagon.blob.core.windows.net

tls

2.3kB
512 B
10
11
20.209.162.193:443

hexagon.blob.core.windows.net

tls

5.3kB
12.3kB
22
19
20.209.162.193:443

hexagon.blob.core.windows.net

tls

3.0kB
8.3kB
13
12
108.156.22.25:443

storage.pardot.com

tls

9.6kB
318.0kB
149
241
51.11.108.188:443

nav-edge.smartscreen.microsoft.com

tls

20.3kB
15.4kB
44
36
51.11.108.188:443

nav-edge.smartscreen.microsoft.com

tls

2.4kB
7.5kB
12
12
20.209.162.193:443

hexagon.blob.core.windows.net

tls

3.0kB
8.2kB
12
11
20.209.162.193:443

hexagon.blob.core.windows.net

tls

3.1kB
8.3kB
12
12
3.215.172.219:443

pi.pardot.com

tls

3.9kB
10.1kB
15
15
95.100.245.144:443

www.microsoft.com

tls

4.5kB
22.3kB
33
35
95.100.245.144:443

www.microsoft.com

tls

2.4kB
7.5kB
12
16
13.107.246.64:443

edgestatic.azureedge.net

tls

88.3kB
4.0MB
1766
2864
13.107.246.64:443

edgestatic.azureedge.net

tls

2.9kB
7.6kB
14
11
13.107.246.64:443

edgestatic.azureedge.net

tls

3.0kB
7.6kB
12
10
13.107.246.64:443

edgestatic.azureedge.net

tls

9.1kB
272.3kB
124
209
13.107.246.64:443

wcpstatic.microsoft.com

52 B
1
13.107.246.64:443

wcpstatic.microsoft.com

52 B
1
13.107.246.64:443

edgestatic.azureedge.net

tls

3.0kB
7.7kB
14
12
13.107.246.64:443

edgestatic.azureedge.net

tls

3.0kB
7.7kB
14
12
13.107.246.64:443

wcpstatic.microsoft.com

tls

5.3kB
91.0kB
53
78
13.107.246.64:443

edgestatic.azureedge.net

tls

3.2kB
8.2kB
15
17
92.123.142.57:443

www.bing.com

tls

2.6kB
5.2kB
14
13
92.123.142.57:443

www.bing.com

tls

2.5kB
946 B
8
8

8.8.8.8:53

api.edgeoffer.microsoft.com

dns

73 B
226 B
1
1

DNS Request

api.edgeoffer.microsoft.com

DNS Response

94.245.104.56
8.8.8.8:53

api.edgeoffer.microsoft.com

dns

73 B
271 B
1
1

DNS Request

api.edgeoffer.microsoft.com
8.8.8.8:53

connect.hexagongeosystems.com

dns

75 B
289 B
1
1

DNS Request

connect.hexagongeosystems.com

DNS Response

34.237.219.119

52.54.96.194

3.92.120.28

3.215.172.219

18.208.125.13
8.8.8.8:53

connect.hexagongeosystems.com

dns

75 B
293 B
1
1

DNS Request

connect.hexagongeosystems.com
8.8.8.8:53

connect.hexagongeosystems.com

dns

75 B
1

DNS Request

connect.hexagongeosystems.com
8.8.8.8:53

business.bing.com

dns

63 B
1

DNS Request

business.bing.com
8.8.8.8:53

business.bing.com

dns

63 B
1

DNS Request

business.bing.com
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

119.219.237.34.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

119.219.237.34.in-addr.arpa
8.8.8.8:53

connect.hexagongeosystems.com

dns

75 B
1

DNS Request

connect.hexagongeosystems.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

56.104.245.94.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

56.104.245.94.in-addr.arpa

DNS Request

56.104.245.94.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

28.118.140.52.in-addr.arpa

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

2.20.12.87

2.20.12.101
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

hexagon.blob.core.windows.net

dns

75 B
131 B
1
1

DNS Request

hexagon.blob.core.windows.net

DNS Response

20.209.162.193
8.8.8.8:53

hexagon.blob.core.windows.net

dns

75 B
201 B
1
1

DNS Request

hexagon.blob.core.windows.net
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

storage.pardot.com

dns

64 B
170 B
1
1

DNS Request

storage.pardot.com

DNS Response

108.156.22.25

108.156.22.96

108.156.22.13

108.156.22.122
8.8.8.8:53

storage.pardot.com

dns

64 B
188 B
1
1

DNS Request

storage.pardot.com
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

87.12.20.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

87.12.20.2.in-addr.arpa
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
197 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

51.11.108.188
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
241 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
92.123.143.130:443

www.bing.com

https

12.0kB
671.8kB
114
540
8.8.8.8:53

25.22.156.108.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

25.22.156.108.in-addr.arpa
8.8.8.8:53

193.162.209.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

193.162.209.20.in-addr.arpa
8.8.8.8:53

188.108.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

188.108.11.51.in-addr.arpa
8.8.8.8:53

130.143.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

130.143.123.92.in-addr.arpa
8.8.8.8:53

57.110.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

57.110.18.2.in-addr.arpa
8.8.8.8:53

pi.pardot.com

dns

59 B
1

DNS Request

pi.pardot.com
8.8.8.8:53

pi.pardot.com

dns

59 B
1

DNS Request

pi.pardot.com
8.8.8.8:53

pi.pardot.com

dns

59 B
232 B
1
1

DNS Request

pi.pardot.com

DNS Response

3.215.172.219

34.237.219.119

3.92.120.28

18.208.125.13

52.54.96.194
8.8.8.8:53

pi.pardot.com

dns

59 B
236 B
1
1

DNS Request

pi.pardot.com
224.0.0.251:5353

204 B
3
8.8.8.8:53

219.172.215.3.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

219.172.215.3.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

144.245.100.95.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

144.245.100.95.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
231 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
275 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

2.18.109.131
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

140 B
144 B
2
1

DNS Request

58.55.71.13.in-addr.arpa

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
251 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
282 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

107.12.20.2.in-addr.arpa

dns

140 B
133 B
2
1

DNS Request

107.12.20.2.in-addr.arpa

DNS Request

107.12.20.2.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

connect.hexagongeosystems.com

dns

75 B
1

DNS Request

connect.hexagongeosystems.com
8.8.8.8:53

connect.hexagongeosystems.com

dns

75 B
1

DNS Request

connect.hexagongeosystems.com
8.8.8.8:53

connect.hexagongeosystems.com

dns

75 B
1

DNS Request

connect.hexagongeosystems.com
8.8.8.8:53

connect.hexagongeosystems.com

dns

75 B
1

DNS Request

connect.hexagongeosystems.com
8.8.8.8:53

connect.hexagongeosystems.com

dns

150 B
289 B
2
1

DNS Request

connect.hexagongeosystems.com

DNS Request

connect.hexagongeosystems.com

DNS Response

52.54.96.194

3.92.120.28

3.215.172.219

18.208.125.13

34.237.219.119
8.8.8.8:53

57.142.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

57.142.123.92.in-addr.arpa
8.8.8.8:53

88.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

88.65.42.20.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request