9ddd2984852b80fb41546e96a1c3414a55415050761a47633d28a4faeef7a3d1

Resubmissions

11/12/2024, 18:37 UTC

241211-w9f3rstpez 10

11/12/2024, 18:28 UTC

241211-w4jayatnat 10

Analysis

max time kernel
1688s
max time network
1693s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11/12/2024, 18:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fiddler.exe
Size

3.5MB
MD5

87bc17f56e744e74408e6ae8bb28b724
SHA1

3aa572388083ff00a95405d34d1189c99c7ff5be
SHA256

ffb24fc36ade87988f9908e848d0333ce7ffb2b4e4d0ffb43f6556246069d057
SHA512

cbeee155c97b87a22b92b808f86fee25c18db51ab43a36b657d532d2d47d3a7db2f4507a699b72af904bf6d5ed851d1ae1fcfb4833a57096e6c7787211c0f35d
SSDEEP

49152:cbvLSgf+VOdx3Vw5+mbSgwJKI0Qpvs3c2KTn4Xj9Bh:cTmgf+VOdc5vbSgwJKDP24Rf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EnableLoopback.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	Fiddler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 1900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	Fiddler.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	Fiddler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	Fiddler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	Fiddler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2090000000100000016000000301406082b0601050507030306082b060105050703086200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e12700b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000000f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	Fiddler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 0f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	Fiddler.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\SystemCertificates\CA\Certificates\C10BB76AD4EE815242406A1E3E1117FFEC743D4F	Fiddler.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\SystemCertificates\CA\Certificates\C10BB76AD4EE815242406A1E3E1117FFEC743D4F\Blob = 030000000100000014000000c10bb76ad4ee815242406a1e3e1117ffec743d4f140000000100000014000000259dd0fc59098663c5ecf3b1133b571c03923611040000000100000010000000e6eb41ad6404317af8a18b64f98c2bcf0f0000000100000020000000d9c7db0b704f07089440c56e69a0f31d730edf77cfbf7514630e8b5390a270fe1900000001000000100000008050a1c09667687456bd1c63be8f6fcb5c0000000100000004000000001000001800000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b44b0000000100000044000000390043004200340033003700330041003400320035003200440045003800440032003200310032003900320039003800330036003300300034004500430035005f0000002000000001000000ec060000308206e8308204d0a003020102021077bd0e05b7590bb61d4761531e3f75ed300d06092a864886f70d01010b05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303732383030303030305a170d3330303732383030303030305a305c310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613132303006035504031329476c6f62616c5369676e204743432052343520455620436f64655369676e696e67204341203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100cb20ef971eb9013243a05ba98a23fd205eae38128bca2cd4ff41d81a55d41953b7fda317e77a395cc0f7ce11a3f9a5ed01fab5ba93efaf93dcf8e2b3194c83b04a4450047884106aa4d696908e81f87cab2fb5a35733d2587b940e6d0fa591262ab3834f72b18a7b6492d0f0b4555f960b11e59ab52cb211cf251b7d512b981f49a35ff8139e35b80302daa4132f854aefc42f700ec1d4cc3312ecbd4095d311cae6cdb3059cc853eb52d7784c51019282de13f3078e74ba84809fd2a4150ee8afebf789f6df71f0d1bea7b241332075ccb1d5ed1d0719c4eb2677f2ab6d179349a9b7e6c3909cc6b8ecccc97b9a5ec5c52493636f7e108b61cf9855a324a28836f2f99fbe932eb2069f26c00c015612e1b28a9f0e1edc988b2ecfdae28934a61f26a0a8ae786deca188153cc2eaeeb7d8ad61a5af7036a2798edc0d73c0f1e42cab94ec5806393648d63b5ae822ce740eaf2cf115dad1b495e8acd5496de5afdd9b6b63205d8e7e3bb243d8623a94e5cdb498b3371924127273ab04b009dc85e6d42204ef402a1d2e6dc769d36eb7016c0de097a716e6268b88f70344865f62674cb5a737a855dc03368c6ecf6d3626f10e8fb03d71c0e132a782e4b6320232307cb593c821fd3c88e66963f8ee75c98bc2abefba3afde95ebfb611f1bef03dca323e6e7dde0f7e9b95c41287e71ab84eee2cc1dfa165e82483c92ac2fdb9530203010001a38201ad308201a9300e0603551d0f0101ff04040302018630130603551d25040c300a06082b0601050507030330120603551d130101ff040830060101ff020100301d0603551d0e04160414259dd0fc59098663c5ecf3b1133b571c03923611301f0603551d230418301680141f00bf46800afc7839b7a5b443d95650bbce963b30819306082b06010505070101048186308183303906082b06010505073001862d687474703a2f2f6f6373702e676c6f62616c7369676e2e636f6d2f636f64657369676e696e67726f6f74723435304606082b06010505073002863a687474703a2f2f7365637572652e676c6f62616c7369676e2e636f6d2f6361636572742f636f64657369676e696e67726f6f747234352e63727430410603551d1f043a30383036a034a0328630687474703a2f2f63726c2e676c6f62616c7369676e2e636f6d2f636f64657369676e696e67726f6f747234352e63726c30550603551d20044e304c304106092b06010401a03201023034303206082b06010505070201162668747470733a2f2f7777772e676c6f62616c7369676e2e636f6d2f7265706f7369746f72792f3007060567810c0103300d06092a864886f70d01010b050003820201002575a009c939bab7a139892f189fabd6eb1d4be8947c0d07689b1c9def71b6176a6b024fb33f864587cc659b4ce35806022266d56102c5638fd4a2f1b65e250b7796e9cd7140338829eceef3a26dbc4db53e064bc97333ca08142d3d4ce8b0ba75a6742da4583a6c1349f8a5150a149685b16a68342542af9656f410fa247df12b72c116e16bebe6a998c73e5af4d0189dfd74978677462a3d237d28738aaeef2b1b9abf6c53a7149e3c8771c05e8ec8fbd32a9233ea574d5e075ecac118ac812d1a21fa6ecf97617bdf717a3aca63f7d530443732febb4385dcbafca6ca33192b776ddbcb05f07e5f752ea2b6bf35aa3663c9ce64d9bdfcbc2cf3495600c8122bc627bb37af57efc4cf1e29c4f4e22dce2a61cf57edf50a40e2f518d61ee9902fcad3875f938a481a111de537859f2e66629a5e814e95ac555743dc538b257e3c610f8a0bbaf53fa6d78ef704565e21bb9fd76a7180bf96de7203d8d8222bf327164f38e851400cae92efbe3d7df780c64c36578495a7841548300e5227088d8ea2bd22c719c9a6ca0ea87a36db6aba615f112495a4e28e68ee19a949995ed0b434bdd6f940c710973152393529118724d3c4fba963cb7748d5fa62fc24e0047a4ed0e46edece9e385026f4217165d70925d4c907007ab8c7f377e8c5d4e255d0d31ef67f52e2498db911720c88442633660144dfe4330e21de62894807daf5	Fiddler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e0b00000001000000800000004d006900630072006f0073006f006600740020004900640065006e007400690074007900200056006500720069006600690063006100740069006f006e00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079002000320030003200300000006200000001000000200000005367f20c7ade0e2bca790915056d086b720c33c1fa2a2661acf787e3292e1270090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a21d0000000100000010000000e78921f81cea4d4105d2b5f4afae0c78030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	Fiddler.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
572	msedge.exe
572	msedge.exe
1928	msedge.exe
1928	msedge.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
2100	msedge.exe
2100	msedge.exe
2120	identity_helper.exe
2120	identity_helper.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4804	Fiddler.exe
4612	msedge.exe
4612	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4804	Fiddler.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4804	Fiddler.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 1928	4804	Fiddler.exe	81
PID 4804 wrote to memory of 1928	4804	Fiddler.exe	81
PID 1928 wrote to memory of 3368	1928	msedge.exe	82
PID 1928 wrote to memory of 3368	1928	msedge.exe	82
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 3864	1928	msedge.exe	84
PID 1928 wrote to memory of 572	1928	msedge.exe	85
PID 1928 wrote to memory of 572	1928	msedge.exe	85
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86
PID 1928 wrote to memory of 2112	1928	msedge.exe	86

C:\Users\Admin\AppData\Local\Temp\Fiddler.exe
"C:\Users\Admin\AppData\Local\Temp\Fiddler.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.getfiddler.com/r/?Win8EL
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca9d43cb8,0x7ffca9d43cc8,0x7ffca9d43cd8
    3⤵
    PID:3368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:2112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
    3⤵
    PID:2580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:4324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
    3⤵
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,17228562099184347047,10870408560424859030,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4612
- C:\Users\Admin\AppData\Local\Temp\EnableLoopback.exe
  "C:\Users\Admin\AppData\Local\Temp\EnableLoopback.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:976

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:244

Network

DNS

api.getfiddler.com

msedge.exe

Remote address:

8.8.8.8:53

Request

api.getfiddler.com

IN A

Response

api.getfiddler.com

IN A

18.239.69.37

api.getfiddler.com

IN A

18.239.69.16

api.getfiddler.com

IN A

18.239.69.86

api.getfiddler.com

IN A

18.239.69.3
DNS

8.8.8.8.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

config.edge.skype.com

msedge.exe

Remote address:

8.8.8.8:53

Request

config.edge.skype.com

IN A

Response

config.edge.skype.com

IN CNAME

config.edge.skype.com.trafficmanager.net

config.edge.skype.com.trafficmanager.net

IN CNAME

l-0007.config.skype.com

l-0007.config.skype.com

IN CNAME

config-edge-skype.l-0007.l-msedge.net

config-edge-skype.l-0007.l-msedge.net

IN CNAME

l-0007.l-msedge.net

l-0007.l-msedge.net

IN A

13.107.42.16
DNS

ctldl.windowsupdate.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

download.windowsupdate.com.edgesuite.net

download.windowsupdate.com.edgesuite.net

IN CNAME

a767.dspw65.akamai.net

a767.dspw65.akamai.net

IN A

2.22.144.73

a767.dspw65.akamai.net

IN A

2.22.144.81
DNS

ocsp.digicert.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

wcpstatic.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

browser.events.data.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

browser.events.data.microsoft.com

IN A

Response

browser.events.data.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdeus03.eastus.cloudapp.azure.com

onedscolprdeus03.eastus.cloudapp.azure.com

IN A

20.42.73.24
DNS

144.245.100.95.in-addr.arpa

msedge.exe

Remote address:

8.8.8.8:53

Request

144.245.100.95.in-addr.arpa

IN PTR

Response

144.245.100.95.in-addr.arpa

IN PTR

a95-100-245-144deploystaticakamaitechnologiescom
GET

https://api.getfiddler.com/fc/latest?ver=5.0.20245.10105&tele=true&meta=true

Fiddler.exe

Remote address:

18.239.69.37:443

Request

GET /fc/latest?ver=5.0.20245.10105&tele=true&meta=true HTTP/1.1
User-Agent: Fiddler/5.0.20245.10105 (.NET 4.8; WinNT 10.0.22000.0; en-US; 8xAMD64; Auto Update; Full Instance; Extensions: APITesting, AutoSaveExt, EventLog, FiddlerOrchestraAddon, HostsFile, RulesTab2, SAZClipboardFactory, SimpleFilter, Timeline)
Pragma: no-cache
Host: api.getfiddler.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Connection: close

Response

HTTP/1.1 200 OK

Content-Type: text/plain
Transfer-Encoding: chunked
Connection: close
Date: Wed, 11 Dec 2024 18:37:52 GMT
Signature: SignedHeaders=content-type;x-date, Signature=AAAAWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNsAzGwa7Q3iTZFqv3xYHemw/qxkwk0sIC/usJVi7713VJv0B1JbfuiDXxHfScNyyQjkuaHKtwbn5qUeHjFwpGbcx4pKUMlaS+V4X9ndhSwOsFT3btW1r7Zrnwf0pnzEl94mMXPZRShTVkOFbqs9gLA5gvRSProKnn/o81fil4jl
api-supported-versions: 1.0
Server: Kestrel
Content-Encoding: gzip
Vary: Accept-Encoding
X-Date: Wed, 11 Dec 2024 18:37:52 GMT
X-Cache: Miss from cloudfront
Via: 1.1 9dfbacf2c8a61beb17591bdaab142956.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P4
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: _sm0akz-TUAeS-GV-fmeVSsJQusZsTu_I3SIZ3J01_qi541SS2yF5A==
DNS

37.69.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

37.69.239.18.in-addr.arpa

IN PTR

Response

37.69.239.18.in-addr.arpa

IN PTR

server-18-239-69-37ams58r cloudfrontnet
DNS

login.live.com

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.trafficmanager.net

www.tm.lg.prod.aadmsa.trafficmanager.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.trafficmanager.net

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.64

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.31.69

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.4

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.31.73

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.31.67

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.31.71

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.23

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.75
DNS

blogs.msdn.microsoft.com

Remote address:

8.8.8.8:53

Request

blogs.msdn.microsoft.com

IN A

Response

blogs.msdn.microsoft.com

IN CNAME

msdn-redirection-arfxbpadcbf7ajba.z01.azurefd.net

msdn-redirection-arfxbpadcbf7ajba.z01.azurefd.net

IN CNAME

star-azurefd-prod.trafficmanager.net

star-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

learn.microsoft.com

Remote address:

8.8.8.8:53

Request

learn.microsoft.com

IN A

Response

learn.microsoft.com

IN CNAME

learn-public.trafficmanager.net

learn-public.trafficmanager.net

IN CNAME

learn.microsoft.com.edgekey.net

learn.microsoft.com.edgekey.net

IN CNAME

learn.microsoft.com.edgekey.net.globalredir.akadns.net

learn.microsoft.com.edgekey.net.globalredir.akadns.net

IN CNAME

e13636.dscb.akamaiedge.net

e13636.dscb.akamaiedge.net

IN A

95.100.246.21
DNS

js.monitor.azure.com

Remote address:

8.8.8.8:53

Request

js.monitor.azure.com

IN A

Response

js.monitor.azure.com

IN CNAME

aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net

aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net

IN CNAME

star-azurefd-prod.trafficmanager.net

star-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

24.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.73.42.20.in-addr.arpa

IN PTR

Response
DNS

nexusrules.officeapps.live.com

Remote address:

8.8.8.8:53

Request

nexusrules.officeapps.live.com

IN A

Response

nexusrules.officeapps.live.com

IN CNAME

prod.nexusrules.live.com.akadns.net

prod.nexusrules.live.com.akadns.net

IN A

52.111.227.11
GET

https://api.getfiddler.com/r/?Win8EL

Fiddler.exe

Remote address:

18.239.69.37:443

Request

GET /r/?Win8EL HTTP/2.0
host: api.getfiddler.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

content-length: 0
location: https://blogs.msdn.microsoft.com/fiddler/2011/12/10/revisiting-fiddler-and-win8-immersive-applications
date: Wed, 11 Dec 2024 18:37:56 GMT
server: Kestrel
x-cache: Miss from cloudfront
via: 1.1 38ff23673937c3eba42a4eefb2007078.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P4
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: tTCX7gbeiE_MDPP5F9QjpF2-f2fvxShQrgEe5Xnh558mEt4j59SKgw==
GET

https://blogs.msdn.microsoft.com/fiddler/2011/12/10/revisiting-fiddler-and-win8-immersive-applications

Fiddler.exe

Remote address:

13.107.246.64:443

Request

GET /fiddler/2011/12/10/revisiting-fiddler-and-win8-immersive-applications HTTP/2.0
host: blogs.msdn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Wed, 11 Dec 2024 18:37:56 GMT
content-length: 0
cache-control: public,max-age=600
location: https://learn.microsoft.com/archive/blogs/fiddler/revisiting-fiddler-and-win8-immersive-applications
strict-transport-security: max-age=2592000
request-context: appId=cid-v1:7e600cf7-f366-4fe9-bfba-d9b4d65b6970
x-content-type-options: nosniff
x-azure-ref: 20241211T183756Z-er1bd968f9chz4schC1LONg4cn0000000hag000000012ydz
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
x-cache-info: L1_T2
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mtps-redirect"}]}
GET

https://learn.microsoft.com/archive/blogs/fiddler/revisiting-fiddler-and-win8-immersive-applications

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /archive/blogs/fiddler/revisiting-fiddler-and-win8-immersive-applications HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

content-length: 0
location: /en-us/archive/blogs/fiddler/revisiting-fiddler-and-win8-immersive-applications
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241211T183756Z-er1bd968f9clxgzshC1LONkw7g0000000mh000000000n5mf
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
cache-control: max-age=0
expires: Wed, 11 Dec 2024 18:37:57 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Miss from child, NotCacheable from parent
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/archive/blogs/fiddler/revisiting-fiddler-and-win8-immersive-applications

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /en-us/archive/blogs/fiddler/revisiting-fiddler-and-win8-immersive-applications HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

content-length: 0
location: /en-us/archive/blogs/content-removed
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241211T182554Z-er1bd968f9cnlwpphC1LONr40c0000001ds0000000003e8f
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
cache-control: public, max-age=1081
expires: Wed, 11 Dec 2024 18:55:58 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Redirect from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/archive/blogs/content-removed

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /en-us/archive/blogs/content-removed HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

content-length: 0
location: /en-us/archive/blogs/
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241211T182554Z-er1bd968f9c5s6kxhC1LONsug00000000ez00000000116w5
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
cache-control: public, max-age=1081
expires: Wed, 11 Dec 2024 18:55:58 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Redirect from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/archive/blogs/

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /en-us/archive/blogs/ HTTP/2.0
host: learn.microsoft.com
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 08 Feb 2024 09:41:10 GMT
etag: "tBOMSJegkVqVdLbNTSVk6m/nkyk="
content-type: text/html
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241113T034352Z-r1559f78f6bbdknlhC1LONm5440000000feg00000000kwsg
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7221
cache-control: public, max-age=367
expires: Wed, 11 Dec 2024 18:44:04 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/assets/0.4.028726178/styles/site-ltr.css

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /static/assets/0.4.028726178/styles/site-ltr.css HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://learn.microsoft.com/en-us/archive/blogs/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 12 Nov 2024 19:41:48 GMT
etag: 0x8DD03520C182A6E
x-ms-request-id: 487d8dd0-c01e-0065-23de-46abc9000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20241211T183757Z-er1bd968f9cnlwpphC1LONr40c0000001dhg00000001tyc4
x-fd-int-roxy-purgeid: 61262308
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-content-type-options: nosniff
accept-ranges: bytes
content-encoding: gzip
cache-control: max-age=31536000
expires: Thu, 11 Dec 2025 18:37:57 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
content-length: 579
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/assets/0.4.028726178/global/deprecation.js

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /static/assets/0.4.028726178/global/deprecation.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/archive/blogs/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 12 Nov 2024 19:40:06 GMT
etag: 0x8DD0351CF5C3D8C
x-ms-request-id: 4def9b3f-a01e-007e-5ddc-46855b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20241211T183757Z-er1bd968f9clrxr9hC1LONgkss0000000bng0000000175dr
x-fd-int-roxy-purgeid: 61262308
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-content-type-options: nosniff
accept-ranges: bytes
content-encoding: gzip
cache-control: max-age=31536000
expires: Thu, 11 Dec 2025 18:37:57 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/assets/0.4.028726178/scripts/en-us/index-docs.js

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /static/assets/0.4.028726178/scripts/en-us/index-docs.js HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/en-us/archive/blogs/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 12 Nov 2024 19:40:42 GMT
etag: 0x8DD0351E4AD490A
x-ms-request-id: 70913f40-401e-0012-57de-462e88000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20241211T183757Z-er1bd968f9cp27hkhC1LONpw340000001dag00000001s6az
x-fd-int-roxy-purgeid: 61262308
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-content-type-options: nosniff
accept-ranges: bytes
content-encoding: gzip
cache-control: max-age=31536000
expires: Thu, 11 Dec 2025 18:37:57 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /en-us/content-nav/site-header/site-header.json? HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/archive/blogs/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
content-encoding: gzip
etag: "9CAC9QN2CdzA17lWnEk82tJRrp0="
last-modified: Tue, 05 Nov 2024 19:50:58 GMT
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241113T033914Z-r1559f78f6bq5pbhhC1LONqhuc0000000fgg00000000tppa
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-length: 1404
vary: Accept-Encoding
cache-control: public, max-age=295
expires: Wed, 11 Dec 2024 18:42:52 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/archive/blogs/toc.json

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /en-us/archive/blogs/toc.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/archive/blogs/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Tue, 20 Jun 2023 07:37:01 GMT
etag: "e4Cm9XHx94EKe1EqNdknBIMbsYM="
content-type: application/json
content-encoding: gzip
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241113T063755Z-r1559f78f6b7bl2jhC1LONn6ks00000002vg00000000v74n
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-length: 487
vary: Accept-Encoding
cache-control: public, max-age=82
expires: Wed, 11 Dec 2024 18:39:19 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/archive/blogs/bread/toc.json

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /en-us/archive/blogs/bread/toc.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/archive/blogs/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Thu, 08 Feb 2024 09:36:08 GMT
etag: "vZEK/V3FhryIycKOVEgnmm7gnoM="
content-type: application/json
content-encoding: gzip
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241113T034354Z-r1559f78f6bfvqnphC1LONcveg0000000c3000000000wc2p
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-length: 151626
vary: Accept-Encoding
cache-control: public, max-age=82
expires: Wed, 11 Dec 2024 18:39:19 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/banners/index.json

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /en-us/banners/index.json HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/en-us/archive/blogs/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
content-encoding: gzip
etag: "3ROAb2SuHnLF9qo4dcw8ZkVeDxE="
last-modified: Tue, 10 Dec 2024 22:11:11 GMT
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241210T221735Z-er1bd968f9cz69zfhC1LONywen0000000kcg000000008pd9
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-length: 5128
vary: Accept-Encoding
cache-control: public, max-age=210
expires: Wed, 11 Dec 2024 18:41:27 GMT
date: Wed, 11 Dec 2024 18:37:57 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/static/assets/0.4.028726178/styles/docons.a1ef6ef.34a85e0c.woff2

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /static/assets/0.4.028726178/styles/docons.a1ef6ef.34a85e0c.woff2 HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
origin: https://learn.microsoft.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
dnt: 1
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://learn.microsoft.com/static/assets/0.4.028726178/styles/site-ltr.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=92956607-5ae5-4125-9755-6dc52d751dc0
cookie: ai_session=fwPJ+sIGZKg3dNgi/S8U/Q|1733942277227|1733942277227

Response

HTTP/2.0 200

content-type: font/woff2
content-length: 19696
last-modified: Tue, 12 Nov 2024 19:40:06 GMT
etag: 0x8DD0351CF856A54
x-ms-request-id: 4afae7f2-d01e-0094-127c-357a5a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20241113T033240Z-r1559f78f6bhxrkshC1LONk5gs0000000fh00000000057yb
x-fd-int-roxy-purgeid: 61262308
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
x-content-type-options: nosniff
accept-ranges: bytes
cache-control: max-age=29062457
expires: Thu, 13 Nov 2025 03:32:15 GMT
date: Wed, 11 Dec 2024 18:37:58 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/en-us/media/event-banners/banner-learn-challenge-2024.jpg

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /en-us/media/event-banners/banner-learn-challenge-2024.jpg HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/static/assets/0.4.028726178/styles/site-ltr.css
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=92956607-5ae5-4125-9755-6dc52d751dc0
cookie: ai_session=fwPJ+sIGZKg3dNgi/S8U/Q|1733942277227|1733942277227

Response

HTTP/2.0 200

last-modified: Mon, 04 Nov 2024 14:50:18 GMT
etag: "+vU7xkjugqC94aYy6QMSMCDVUXE="
content-type: image/jpeg
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241113T035540Z-r1559f78f6bfvqnphC1LONcveg0000000c200000000140be
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-length: 64291
cache-control: public, max-age=1275
expires: Wed, 11 Dec 2024 18:59:13 GMT
date: Wed, 11 Dec 2024 18:37:58 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://learn.microsoft.com/favicon.ico

Fiddler.exe

Remote address:

95.100.246.21:443

Request

GET /favicon.ico HTTP/2.0
host: learn.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://learn.microsoft.com/en-us/archive/blogs/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MicrosoftApplicationsTelemetryDeviceId=92956607-5ae5-4125-9755-6dc52d751dc0
cookie: ai_session=fwPJ+sIGZKg3dNgi/S8U/Q|1733942277227|1733942277227

Response

HTTP/2.0 200

etag: W/"4316-19321e2e838"
last-modified: Tue, 12 Nov 2024 19:38:59 GMT
content-security-policy: default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net h64.online-metrix.net;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net try-ppe.dot.net afd-markdowneditor-public-bvaydge8egfggtbs.b01.azurefd.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com aznb-ame-prod.azureedge.net;form-action 'self' *.microsoft.com *.azure.cn *.pearsonvue.com;media-src 'self' blob: *.microsoft.com *.azure.cn videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net videoencodingpubdevwus.blob.core.windows.net videoencodingpublicwus.blob.core.windows.net;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
x-buildversion: 0.4.028726178
x-azure-ref: 20241211T063921Z-17964fc66b7xhvrdhC1DUS31g800000000wg000000008yt9
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://mdec.nelreports.net/api/report?cat=mdocs"}]}
content-type: image/vnd.microsoft.icon
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 540
cache-control: public, max-age=561509
expires: Wed, 18 Dec 2024 06:36:27 GMT
date: Wed, 11 Dec 2024 18:37:58 GMT
akamai-cache-status: Hit from child
strict-transport-security: max-age=31536000; includeSubDomains; preload
DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

ocsp.globalsign.com

Remote address:

8.8.8.8:53

Request

ocsp.globalsign.com

IN A

Response

ocsp.globalsign.com

IN CNAME

global.prd.cdn.globalsign.com

global.prd.cdn.globalsign.com

IN CNAME

prod.globalsign.map.fastly.net

prod.globalsign.map.fastly.net

IN A

151.101.2.133

prod.globalsign.map.fastly.net

IN A

151.101.66.133

prod.globalsign.map.fastly.net

IN A

151.101.194.133

prod.globalsign.map.fastly.net

IN A

151.101.130.133
DNS

self.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdeus01.eastus.cloudapp.azure.com

onedscolprdeus01.eastus.cloudapp.azure.com

IN A

52.168.112.66
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

secure.globalsign.com

Remote address:

8.8.8.8:53

Request

secure.globalsign.com

IN A

Response

secure.globalsign.com

IN CNAME

global.prd.cdn.globalsign.com

global.prd.cdn.globalsign.com

IN CNAME

cdn.globalsigncdn.com.cdn.cloudflare.net

cdn.globalsigncdn.com.cdn.cloudflare.net

IN A

104.18.20.226

cdn.globalsigncdn.com.cdn.cloudflare.net

IN A

104.18.21.226
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
DNS

66.112.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.112.168.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

226.20.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.20.18.104.in-addr.arpa

IN PTR

Response
DNS

21.246.100.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.246.100.95.in-addr.arpa

IN PTR

Response

21.246.100.95.in-addr.arpa

IN PTR

a95-100-246-21deploystaticakamaitechnologiescom
DNS

133.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.2.101.151.in-addr.arpa

IN PTR

Response
GET

https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

Fiddler.exe

Remote address:

13.107.246.64:443

Request

GET /mscc/lib/v2/wcp-consent.js HTTP/2.0
host: wcpstatic.microsoft.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 11 Dec 2024 18:37:57 GMT
content-type: application/javascript
content-length: 81726
content-encoding: gzip
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 19905
cache-control: max-age=43200
content-md5: X1JOIM5h9UISVFS6+GfEew==
etag: 0x8DA85F6EA62BF74
last-modified: Wed, 24 Aug 2022 17:34:36 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: d79901ac-001e-008f-4bcd-4b49b5000000
x-ms-version: 2009-09-19
x-azure-ref: 20241211T183757Z-er1bd968f9cxmjbjhC1LONsm600000000y2g00000000eg24
accept-ranges: bytes
GET

https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js

Fiddler.exe

Remote address:

13.107.246.64:443

Request

GET /scripts/c/ms.jsll-4.min.js HTTP/2.0
host: js.monitor.azure.com
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 11 Dec 2024 18:37:57 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: no-transform, public, max-age=1800, immutable
last-modified: Mon, 14 Oct 2024 17:27:31 GMT
x-ms-request-id: caeca2cf-801e-00ce-316c-40fccf000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 4.3.3
x-ms-meta-jssdksrc: [cdn]/scripts/c/ms.jsll-4.3.3.min.js
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,x-ms-meta-jssdksrc,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20241211T183757Z-er1bd968f9cmwckmhC1LONry880000000b2000000000860r
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
content-encoding: br
OPTIONS

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Fiddler.exe

Remote address:

20.42.73.24:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://learn.microsoft.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://learn.microsoft.com
date: Wed, 11 Dec 2024 18:37:59 GMT
OPTIONS

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

Fiddler.exe

Remote address:

20.42.73.24:443

Request

OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
accept: */*
access-control-request-method: POST
access-control-request-headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
origin: https://learn.microsoft.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://learn.microsoft.com
date: Wed, 11 Dec 2024 18:38:03 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Fiddler.exe

Remote address:

20.42.73.24:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 4092
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
upload-time: 1733942278239
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-4.3.3
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
time-delta-to-apply-millis: use-collector-delta
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=065dc4497e684ee98ee95e0c3f9709d6&HASH=065d&LV=202412&V=4&LU=1733942279931; Domain=.microsoft.com; Expires=Thu, 11 Dec 2025 18:37:59 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=37812b795fde4a6e8eb225314b762071; Domain=.microsoft.com; Expires=Wed, 11 Dec 2024 19:07:59 GMT; Path=/;Secure; SameSite=None
time-delta-millis: 1692
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Wed, 11 Dec 2024 18:37:59 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

Fiddler.exe

Remote address:

20.42.73.24:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 4048
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
upload-time: 1733942279317
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-4.3.3
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
time-delta-to-apply-millis: 1692
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=065dc4497e684ee98ee95e0c3f9709d6&HASH=065d&LV=202412&V=4&LU=1733942279931
cookie: MS0=37812b795fde4a6e8eb225314b762071

Response

HTTP/2.0 200

content-length: 153
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 817
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Wed, 11 Dec 2024 18:37:59 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

Fiddler.exe

Remote address:

20.42.73.24:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2252
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
upload-time: 1733942282828
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-4.3.3
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
time-delta-to-apply-millis: 1692
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=065dc4497e684ee98ee95e0c3f9709d6&HASH=065d&LV=202412&V=4&LU=1733942279931
cookie: MS0=37812b795fde4a6e8eb225314b762071

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 916
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Wed, 11 Dec 2024 18:38:02 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

Fiddler.exe

Remote address:

20.42.73.24:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2254
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
upload-time: 1733942299373
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-4.3.3
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
time-delta-to-apply-millis: 1692
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=065dc4497e684ee98ee95e0c3f9709d6&HASH=065d&LV=202412&V=4&LU=1733942279931
cookie: MS0=37812b795fde4a6e8eb225314b762071

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 808
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Wed, 11 Dec 2024 18:38:19 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

Fiddler.exe

Remote address:

20.42.73.24:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2277
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
upload-time: 1733942301064
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-4.3.3
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
time-delta-to-apply-millis: 1692
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=065dc4497e684ee98ee95e0c3f9709d6&HASH=065d&LV=202412&V=4&LU=1733942279931
cookie: MS0=37812b795fde4a6e8eb225314b762071

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 820
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Wed, 11 Dec 2024 18:38:20 GMT
POST

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

Fiddler.exe

Remote address:

20.42.73.24:443

Request

POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0 HTTP/2.0
host: browser.events.data.microsoft.com
content-length: 2253
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
upload-time: 1733942303104
dnt: 1
sec-ch-ua-mobile: ?0
client-version: 1DS-Web-JS-4.3.3
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
time-delta-to-apply-millis: 1692
content-type: application/x-json-stream
cache-control: no-cache, no-store
apikey: c6c27850c9c24cbfae921778d2465031-4c28c161-db47-426b-9d28-733d45d05dd9-7278
client-id: NO_AUTH
accept: */*
origin: https://learn.microsoft.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://learn.microsoft.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: MC1=GUID=065dc4497e684ee98ee95e0c3f9709d6&HASH=065d&LV=202412&V=4&LU=1733942279931
cookie: MS0=37812b795fde4a6e8eb225314b762071

Response

HTTP/2.0 200

content-length: 24
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
time-delta-millis: 812
access-control-allow-headers: time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://learn.microsoft.com
access-control-expose-headers: time-delta-millis
date: Wed, 11 Dec 2024 18:38:22 GMT
GET

http://www.microsoft.com/pkiops/crl/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crl

Fiddler.exe

Remote address:

95.100.245.144:80

Request

GET /pkiops/crl/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: www.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 913
Content-Type: application/octet-stream
Content-MD5: Tnn4rUHdqiwVudxqy5WC3Q==
Last-Modified: Mon, 18 Nov 2024 23:29:49 GMT
ETag: 0x8DD0828E56064FF
x-ms-request-id: 3f9bf8d9-f01e-005c-5617-3a02b2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 11 Dec 2024 18:38:30 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV1db72b3b.0
ms-cv-esi: CASMicrosoftCV1db72b3b.0
X-RTag: RT
GET

http://www.microsoft.com/pkiops/crl/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crl

Fiddler.exe

Remote address:

95.100.245.144:80

Request

GET /pkiops/crl/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: www.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 784
Content-Type: application/octet-stream
Content-MD5: 3D7bHph3DXx7YGJ01VMrTw==
Last-Modified: Fri, 15 Nov 2024 23:28:25 GMT
ETag: 0x8DD05CD343D7B3D
x-ms-request-id: db7c452f-401e-0076-08b6-37dda2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Wed, 11 Dec 2024 18:38:30 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV1db72cdb.0
ms-cv-esi: CASMicrosoftCV1db72cdb.0
X-RTag: RT

18.239.69.37:443

https://api.getfiddler.com/fc/latest?ver=5.0.20245.10105&tele=true&meta=true

tls, http

Fiddler.exe

1.2kB
8.9kB
11
15

HTTP Request

GET https://api.getfiddler.com/fc/latest?ver=5.0.20245.10105&tele=true&meta=true

HTTP Response

200
18.239.69.37:443

api.getfiddler.com

tls

Fiddler.exe

1.2kB
7.0kB
10
11
18.239.69.37:443

https://api.getfiddler.com/r/?Win8EL

tls, http2

Fiddler.exe

1.7kB
7.3kB
13
16

HTTP Request

GET https://api.getfiddler.com/r/?Win8EL

HTTP Response

301
13.107.246.64:443

https://blogs.msdn.microsoft.com/fiddler/2011/12/10/revisiting-fiddler-and-win8-immersive-applications

tls, http2

Fiddler.exe

2.5kB
9.3kB
16
20

HTTP Request

GET https://blogs.msdn.microsoft.com/fiddler/2011/12/10/revisiting-fiddler-and-win8-immersive-applications

HTTP Response

301
95.100.246.21:443

https://learn.microsoft.com/favicon.ico

tls, http2

Fiddler.exe

19.2kB
874.1kB
359
679

HTTP Request

GET https://learn.microsoft.com/archive/blogs/fiddler/revisiting-fiddler-and-win8-immersive-applications

HTTP Response

302

HTTP Request

GET https://learn.microsoft.com/en-us/archive/blogs/fiddler/revisiting-fiddler-and-win8-immersive-applications

HTTP Response

301

HTTP Request

GET https://learn.microsoft.com/en-us/archive/blogs/content-removed

HTTP Response

301

HTTP Request

GET https://learn.microsoft.com/en-us/archive/blogs/

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/static/assets/0.4.028726178/styles/site-ltr.css

HTTP Request

GET https://learn.microsoft.com/static/assets/0.4.028726178/global/deprecation.js

HTTP Request

GET https://learn.microsoft.com/static/assets/0.4.028726178/scripts/en-us/index-docs.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json?

HTTP Request

GET https://learn.microsoft.com/en-us/archive/blogs/toc.json

HTTP Request

GET https://learn.microsoft.com/en-us/archive/blogs/bread/toc.json

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/banners/index.json

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/static/assets/0.4.028726178/styles/docons.a1ef6ef.34a85e0c.woff2

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/en-us/media/event-banners/banner-learn-challenge-2024.jpg

HTTP Response

200

HTTP Request

GET https://learn.microsoft.com/favicon.ico

HTTP Response

200
13.107.246.64:443

https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

tls, http2

Fiddler.exe

3.9kB
91.4kB
50
77

HTTP Request

GET https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js

HTTP Response

200
13.107.246.64:443

https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js

tls, http2

Fiddler.exe

4.3kB
103.5kB
59
86

HTTP Request

GET https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js

HTTP Response

200
20.42.73.24:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

tls, http2

Fiddler.exe

2.5kB
7.7kB
14
14

HTTP Request

OPTIONS https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

OPTIONS https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

HTTP Response

200
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888
20.42.73.24:443

https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

tls, http2

Fiddler.exe

22.0kB
9.4kB
39
28

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

HTTP Response

200

HTTP Request

POST https://browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&ext.intweb.msfpc=GUID%3D065dc4497e684ee98ee95e0c3f9709d6%26HASH%3D065d%26LV%3D202412%26V%3D4%26LU%3D1733942279931&w=0

HTTP Response

200
127.0.0.1:8888
127.0.0.1:8888
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888

msedge.exe
95.100.245.144:80

http://www.microsoft.com/pkiops/crl/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crl

http

Fiddler.exe

754 B
3.0kB
8
7

HTTP Request

GET http://www.microsoft.com/pkiops/crl/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crl

HTTP Response

200

HTTP Request

GET http://www.microsoft.com/pkiops/crl/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crl

HTTP Response

200
127.0.0.1:8888

Fiddler.exe
127.0.0.1:8888

msedge.exe
127.0.0.1:8888
127.0.0.1:8888

msedge.exe

8.8.8.8:53

api.getfiddler.com

dns

msedge.exe

550 B
1.5kB
8
8

DNS Request

api.getfiddler.com

DNS Response

18.239.69.37

18.239.69.16

18.239.69.86

18.239.69.3

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

config.edge.skype.com

DNS Response

13.107.42.16

DNS Request

ctldl.windowsupdate.com

DNS Response

2.22.144.73

2.22.144.81

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

DNS Request

browser.events.data.microsoft.com

DNS Response

20.42.73.24

DNS Request

144.245.100.95.in-addr.arpa
224.0.0.251:5353

msedge.exe

1.0kB
16
8.8.8.8:53

37.69.239.18.in-addr.arpa

dns

478 B
1.6kB
7
7

DNS Request

37.69.239.18.in-addr.arpa

DNS Request

login.live.com

DNS Response

20.190.159.64

40.126.31.69

20.190.159.4

40.126.31.73

40.126.31.67

40.126.31.71

20.190.159.23

20.190.159.75

DNS Request

blogs.msdn.microsoft.com

DNS Response

13.107.246.64

DNS Request

learn.microsoft.com

DNS Response

95.100.246.21

DNS Request

js.monitor.azure.com

DNS Response

13.107.246.64

DNS Request

24.73.42.20.in-addr.arpa

DNS Request

nexusrules.officeapps.live.com

DNS Response

52.111.227.11
8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

213 B
554 B
3
3

DNS Request

64.159.190.20.in-addr.arpa

DNS Request

ocsp.globalsign.com

DNS Response

151.101.2.133

151.101.66.133

151.101.194.133

151.101.130.133

DNS Request

self.events.data.microsoft.com

DNS Response

52.168.112.66
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

209 B
473 B
3
3

DNS Request

73.144.22.2.in-addr.arpa

DNS Request

secure.globalsign.com

DNS Response

104.18.20.226

104.18.21.226

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

207 B
534 B
3
3

DNS Request

64.246.107.13.in-addr.arpa

DNS Request

www.microsoft.com

DNS Response

95.100.245.144

DNS Request

66.112.168.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

145 B
278 B
2
2

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

226.20.18.104.in-addr.arpa
8.8.8.8:53

21.246.100.95.in-addr.arpa

dns

144 B
269 B
2
2

DNS Request

21.246.100.95.in-addr.arpa

DNS Request

133.2.101.151.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3762575fecdc42643b73733441993068

SHA1
7d1636ef23eacb77b417d52ff7a7f237e35d9a6d

SHA256
e7076e688b33b659b4b6158ea83c95b177e2cc30fd8f89e0ca73c7ec47ad5534

SHA512
f424b3fe3ce9ff74462768fab91314af6e84eaf79662a89f506b4af09f86769b24526a9ec54de0c2d60f012c39ec6b76a2018c93e2d0b73a52f831ec17cf3dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
595B

MD5
71cebabc1e80c4739046127b6a2e93a1

SHA1
10f10fa243012807248b3c6bfa832439de4e3126

SHA256
be9e174e336200b5249c9cd19b05fe3b38f4e2888b5727c6204a8f7c017df6b6

SHA512
e9c9749978dbbccf3ca071f7754170380826d02ab0f6bd89b5c87f37fe0d29175a7998f3c82dda773643b91596ccc55d8045a8d077de790c844dbfa8e3b95823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
890772b89065106700868972cda04d91

SHA1
95ae0a5987673b1976a3a01cd6d049413cc72629

SHA256
26d2b311f3b3e9dd8b3379c2840f57044bc5a4ab1ba2a80bcb0dc3a28ff5ce7f

SHA512
0edc68c0b5881c9a1a9a71f8a580b0b6d9a8e2b5a8381c77b5cc763ee70a945fe7c37109a26ed694b823f64d75b7b748e217666600a2716d0537edeb2d229e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e1e9d88331d449056e4cb1e6c672457

SHA1
016af7a13386769f2750c612eb975b673a2006d4

SHA256
2491cf81722f29c7ba1897f6e34271f6d6998560f121da94a1de4eeb7ca9f7d6

SHA512
035aa5b4352c2c5ea606de7553fd42ea63648dd0db533c608ddda78f9a9c42930f26314a9b0fadb0ef39ffedbfb15480b16ba79d35c80e171ff8377ce04e0122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
d312c9e7c52ff271c773f767ff720c2e

SHA1
8a9a6ade71823d254a0304973a3d7710c4de2848

SHA256
c75b833ebb732b9ead83a2125b158f5f9dc823ab70e3b558fd9ee569b1908608

SHA512
22dfd915747de2e13015b2e49e6c50713e9ec1c9a3d6007f6b4255db0bf8420e99ab68e5b011b5996433021daaeef6aacfdead51b321b9b46de549fb9293f940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583227.TMP

Filesize
539B

MD5
21c608020c79063e31de623c94a18e7d

SHA1
158b903c79f8137afaf8b5b06703537f02aa1211

SHA256
4c5540807db6394f53ceb61b3626d729ecd37540de2c43c4eb8450c08fa4af3e

SHA512
ef735f9d421b70fdb70661e22ea832c60e3be2b6ec574b0db1bc58a0bab516f1caad3b9798047aa30f9425b07f3ceb0da6defbc0cf0be4d08bc71f9659ed440f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8f014f0da208f8b910e12593b60d9ff6

SHA1
3633c881d9829a9d95e1dd45cfbf9446f0ad90cc

SHA256
764520d8dd02a77579d2e0e88c6e7a64fabb9de9b292f2ca22876f9c2059b4b1

SHA512
f8ca6e02f74e135c19b53efb5e439eefd0e64dd09b98ac0798bbed47af5e78901c27d12cb5c2ed7963c8d9fc01d70783b78c36d221fd107b42e489a7838ba3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4a9e6ad0e979ce3c2eac7765842ae805

SHA1
4d25786567a0f6d0166b055e8ec53d045ef18aeb

SHA256
b093dde905c6560cad9fb3ff12fef3a26716c486454c070d5d96d31d96a1d758

SHA512
6b2890c687ec7211625cc1e68325ee9c8b6604a88ef55c3f2c724c3abf056543d006e56b29c887086168720686e4f51182019728d509bf7c36b1b5f38f8ffbe5

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\dduzaazg.newcfg

Filesize
1KB

MD5
8a49925b2ed0098f1709a1298f886f4b

SHA1
9679c057d1b110624dd4534759d724a4431cdbbf

SHA256
8654d616f450e62306ccbfbe08e9194f1c14df799fdd0b6d7378e8d247b51b63

SHA512
9e5ed87255e34a9df45e45a4d3c495a95640c737f698b7253e6dee3f3aa1f5cb3b158a2125d5abb480be7e196b1f9162097ba713f19451a4634b71d8e40dcb14

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\gl0xuuzi.newcfg

Filesize
1KB

MD5
8be0891196af8c12401496fed708db13

SHA1
9427cfc1691dc71bf560fa3100a5f31e66e32690

SHA256
68a6a4f13debd20c958bd5f5115a119fac6aa55b573442e02521e511101a3ea0

SHA512
255e5cf5340d250a8fef7b6a72bd8f308ec559178ea9f930d5dd57dfdde00e6c572b2369266930da546a574c196e79c1809a83f5bdbde0feceb2642a32974935

Download Submit
C:\Users\Admin\AppData\Local\Progress_Software_Corpora\Fiddler.exe_Url_sblwdlp4jxb3bmuxfbi1zl1jd5acanau\5.0.20245.10105\user.config

Filesize
966B

MD5
67ee6dd965dc6c692dd0f810affbb09b

SHA1
e93ec78d1dd0d066e92f2ed9b4bee25046811b55

SHA256
14c7fcbe71449c51a23fab4ccd661f5bc53fe9d0aba633f0e1dbcf3492574d70

SHA512
1a880967daa9f8f6f6c15d9bdd67b60a058fa61693519da9059ead7a266979a41456e72a2d3558c26052eb610eb9c264369db8ec39f7edf42ebca778c29a5417

Download Submit
memory/976-207-0x00000000056C0000-0x00000000056CA000-memory.dmp

Filesize
40KB

Download
memory/976-206-0x00000000055F0000-0x0000000005682000-memory.dmp

Filesize
584KB

Download
memory/976-205-0x0000000005CE0000-0x0000000006286000-memory.dmp

Filesize
5.6MB

Download
memory/976-204-0x0000000000AA0000-0x0000000000AB8000-memory.dmp

Filesize
96KB

Download
memory/4804-81-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-12-0x0000023FED0B0000-0x0000023FED0C0000-memory.dmp

Filesize
64KB

Download
memory/4804-26-0x0000023FED370000-0x0000023FED3C0000-memory.dmp

Filesize
320KB

Download
memory/4804-27-0x00007FFCAE873000-0x00007FFCAE875000-memory.dmp

Filesize
8KB

Download
memory/4804-30-0x0000023FEDCD0000-0x0000023FEDD82000-memory.dmp

Filesize
712KB

Download
memory/4804-0-0x00007FFCAE873000-0x00007FFCAE875000-memory.dmp

Filesize
8KB

Download
memory/4804-18-0x0000023FED320000-0x0000023FED346000-memory.dmp

Filesize
152KB

Download
memory/4804-19-0x0000023FED2C0000-0x0000023FED2CE000-memory.dmp

Filesize
56KB

Download
memory/4804-21-0x0000023FEE0E0000-0x0000023FEE686000-memory.dmp

Filesize
5.6MB

Download
memory/4804-13-0x0000023FED490000-0x0000023FED66A000-memory.dmp

Filesize
1.9MB

Download
memory/4804-56-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-70-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-80-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-17-0x0000023FED2B0000-0x0000023FED2BC000-memory.dmp

Filesize
48KB

Download
memory/4804-82-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-22-0x0000023FED2F0000-0x0000023FED2F8000-memory.dmp

Filesize
32KB

Download
memory/4804-11-0x0000023FED0C0000-0x0000023FED0D2000-memory.dmp

Filesize
72KB

Download
memory/4804-10-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-9-0x0000023FED0F0000-0x0000023FED132000-memory.dmp

Filesize
264KB

Download
memory/4804-8-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-7-0x0000023FEC6B0000-0x0000023FEC6BC000-memory.dmp

Filesize
48KB

Download
memory/4804-6-0x0000023FED000000-0x0000023FED04A000-memory.dmp

Filesize
296KB

Download
memory/4804-5-0x0000023FEC6A0000-0x0000023FEC6AC000-memory.dmp

Filesize
48KB

Download
memory/4804-4-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-3-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-2-0x00007FFCAE870000-0x00007FFCAF332000-memory.dmp

Filesize
10.8MB

Download
memory/4804-20-0x0000023FEDA70000-0x0000023FEDB2A000-memory.dmp

Filesize
744KB

Download
memory/4804-14-0x0000023FED2D0000-0x0000023FED2EA000-memory.dmp

Filesize
104KB

Download
memory/4804-15-0x0000023FED0E0000-0x0000023FED0EA000-memory.dmp

Filesize
40KB

Download
memory/4804-16-0x0000023FED140000-0x0000023FED148000-memory.dmp

Filesize
32KB

Download
memory/4804-1-0x0000023FE6B30000-0x0000023FE6EB4000-memory.dmp

Filesize
3.5MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request