56a1a173f76a5fee97f305f38fe3471037a51e8204ffff2feeb9bbee7a70dcb1

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 09:09 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaba21ce9cb8d522ed480cdc1a1468b0_JaffaCakes118.html
Size

6KB
MD5

eaba21ce9cb8d522ed480cdc1a1468b0
SHA1

5f52e2306c00ae2a398caba0d5f65d5d27c68ba4
SHA256

56a1a173f76a5fee97f305f38fe3471037a51e8204ffff2feeb9bbee7a70dcb1
SHA512

82fc37643f0314e1001152c15714753925df9e55b75f26273088edc161d5836846dc5c73d2eef536e867889677e21922665e0151c791481ebd4c65421aaa7e41
SSDEEP

96:u48g31I9Dt0fphAYVO5hLQDuWJH5juQy9yHy8yfBj6Q:uEoDOfpO26WJH5oj/

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eaba21ce9cb8d522ed480cdc1a1468b0_JaffaCakes118.html
1⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5816 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1
1⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5832 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1
1⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4020 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1
1⤵
PID:1332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5444 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:1160

Network

DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com

prod-agic-uw-1.ukwest.cloudapp.azure.com

IN A

51.140.242.104
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com
DNS

159.113.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.113.53.23.in-addr.arpa

IN PTR

Response

159.113.53.23.in-addr.arpa

IN PTR

a23-53-113-159deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

72.246.173.187
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

72.246.173.187
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

premiumgoods.net

Remote address:

8.8.8.8:53

Request

premiumgoods.net

IN A

Response

premiumgoods.net

IN A

3.33.130.190

premiumgoods.net

IN A

15.197.148.33
DNS

premiumgoods.net

Remote address:

8.8.8.8:53

Request

premiumgoods.net

IN Unknown

Response
DNS

www.premiumgoods.net

Remote address:

8.8.8.8:53

Request

www.premiumgoods.net

IN A

Response

www.premiumgoods.net

IN CNAME

premiumgoods.net

premiumgoods.net

IN A

3.33.130.190

premiumgoods.net

IN A

15.197.148.33
DNS

www.premiumgoods.net

Remote address:

8.8.8.8:53

Request

www.premiumgoods.net

IN Unknown

Response

www.premiumgoods.net

IN CNAME

premiumgoods.net
GET

http://premiumgoods.net/blog/wp-content/themes/whiteboard/whiteboard%202.0.1/style.css

Remote address:

3.33.130.190:80

Request

GET /blog/wp-content/themes/whiteboard/whiteboard%202.0.1/style.css HTTP/1.1
Host: premiumgoods.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Wed, 10 Apr 2024 09:09:14 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
GET

http://premiumgoods.net/blog/wp-content/themes/whiteboard/whiteboard%202.0.1/images/bigpenguin.gif

Remote address:

3.33.130.190:80

Request

GET /blog/wp-content/themes/whiteboard/whiteboard%202.0.1/images/bigpenguin.gif HTTP/1.1
Host: premiumgoods.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Wed, 10 Apr 2024 09:09:14 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

104.109.143.23

a416.dscd.akamai.net

IN A

104.109.143.24
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
GET

http://www.premiumgoods.net/blog/picts/jordan9kilroy.jpg

Remote address:

3.33.130.190:80

Request

GET /blog/picts/jordan9kilroy.jpg HTTP/1.1
Host: www.premiumgoods.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Wed, 10 Apr 2024 09:09:14 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

72.246.173.187
DNS

104.242.140.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.242.140.51.in-addr.arpa

IN PTR

Response
DNS

187.173.246.72.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.173.246.72.in-addr.arpa

IN PTR

Response

187.173.246.72.in-addr.arpa

IN PTR

a72-246-173-187deploystaticakamaitechnologiescom
DNS

190.130.33.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

190.130.33.3.in-addr.arpa

IN PTR

Response

190.130.33.3.in-addr.arpa

IN PTR

a2aa9ff50de748dbeawsglobalacceleratorcom
DNS

23.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.143.109.104.in-addr.arpa

IN PTR

Response

23.143.109.104.in-addr.arpa

IN PTR

a104-109-143-23deploystaticakamaitechnologiescom
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

23.53.113.225
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

138.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdcus16.centralus.cloudapp.azure.com

onedsblobprdcus16.centralus.cloudapp.azure.com

IN A

104.208.16.94
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

104.208.16.94:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwC4AlN5BAAUu1V9OkIAK55tj6h8OjaXgvkszYkAAbRG0vKmbP7b2FPuWur9uVNl3TGRa4iE2K0nw9nIknKcR8kIFDLMNaGnFhpd47bLaNNAqWJmqVxVOrPW1hSRS7GCV2W+AgSyTGaVuhLLkVN2j4xxXtdKH2Qj/CrsZ3L4/pSceUP/Snco8FpMYo9wfHy4Jr+j84ioEGGUCAzHomPxMtnN3pZZglkdgJtVxmJXz/Q0ltrRmnvb8UVOKUvlDSf0lEN1wp8abGEIN1KJFa9ou6oR42nDDvIdVbtrH70Xcxz6sglhacWqlCb0JWeRhlZOc7rHcys71m2hAkIpQEXcuvNwuEAMhnJfU9f/qzBwyadyi4VZ8wqAlNXR79MwjxoDZgAACNx9zTk4E6k/iAGrQJOtviswDZDCAeGh1y0NrlPt3ayQrrMAFCLlollVVpf3A8hHPVdhorc8k2L59+M6ctuYg2nxMdBfnvbB4el396hfuEUT9bp+osxtZcnCQy9DTqgjiZ7U1piU7V+bf3oOhH8W96o7d+MF3JWibD/sh2urNYFLycqGynJ71sCi86/YOEWiMtYwMuFtTlWzIjAORn8lRgjr61bKdpYUVyuO8OdNjzcZSd6hEp6/sL8dxAmnvRszZ7mpVcW4oFYLyxWIn1dEhf72X5bV0UeGiZVepCIOFzCwJJ/NHoKYEUHjEDSduzoAjL3c+gebACi/2xpDYkf43KhPKkzCV6347enOJUUE+yLi2zo7RAO1QrQI1XolbXkPoE7w3pQMx6ukCwlCbQLVR57j3sflC1oqjhkkz9yeavKLJbcQuXbDwhinlR5XfyoPUbmb4eysl/xgCBYZRyF/GRv1RFyv+FmBfbdcCYpipYj5CKsC6ngR50dE9VO1ibHGWNe6fqEQ9W0RL7eLOm0qLpeBKbgB&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Wed, 10 Apr 2024 09:09:35 GMT
DNS

94.16.208.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

94.16.208.104.in-addr.arpa

IN PTR

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

17.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.143.109.104.in-addr.arpa

IN PTR

Response

17.143.109.104.in-addr.arpa

IN PTR

a104-109-143-17deploystaticakamaitechnologiescom
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

142.250.200.10

chromewebstore.googleapis.com

IN A

142.250.200.42

chromewebstore.googleapis.com

IN A

216.58.201.106

chromewebstore.googleapis.com

IN A

216.58.204.74

chromewebstore.googleapis.com

IN A

216.58.213.10

chromewebstore.googleapis.com

IN A

172.217.169.10

chromewebstore.googleapis.com

IN A

216.58.212.202

chromewebstore.googleapis.com

IN A

216.58.212.234

chromewebstore.googleapis.com

IN A

172.217.169.74

chromewebstore.googleapis.com

IN A

172.217.169.42

chromewebstore.googleapis.com

IN A

142.250.179.234

chromewebstore.googleapis.com

IN A

142.250.180.10

chromewebstore.googleapis.com

IN A

142.250.187.202

chromewebstore.googleapis.com

IN A

142.250.187.234

chromewebstore.googleapis.com

IN A

142.250.178.10

chromewebstore.googleapis.com

IN A

172.217.16.234
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response
DNS

10.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.200.250.142.in-addr.arpa

IN PTR

Response

10.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f101e100net
DNS

176.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.61.62.23.in-addr.arpa

IN PTR

Response

176.61.62.23.in-addr.arpa

IN PTR

a23-62-61-176deploystaticakamaitechnologiescom
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
DNS

160.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

160.61.62.23.in-addr.arpa

IN PTR

Response

160.61.62.23.in-addr.arpa

IN PTR

a23-62-61-160deploystaticakamaitechnologiescom
DNS

27.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.73.42.20.in-addr.arpa

IN PTR

Response

13.107.6.158:443

business.bing.com

tls

2.0kB
10.0kB
18
24
51.140.242.104:443

nav-edge.smartscreen.microsoft.com

tls

10.6kB
12.7kB
30
29
72.246.173.187:443

www.microsoft.com

tls

2.8kB
22.5kB
26
36
3.33.130.190:80

http://premiumgoods.net/blog/wp-content/themes/whiteboard/whiteboard%202.0.1/style.css

http

598 B
431 B
5
4

HTTP Request

GET http://premiumgoods.net/blog/wp-content/themes/whiteboard/whiteboard%202.0.1/style.css

HTTP Response

200
3.33.130.190:80

http://premiumgoods.net/blog/wp-content/themes/whiteboard/whiteboard%202.0.1/images/bigpenguin.gif

http

656 B
431 B
5
4

HTTP Request

GET http://premiumgoods.net/blog/wp-content/themes/whiteboard/whiteboard%202.0.1/images/bigpenguin.gif

HTTP Response

200
3.33.130.190:80

http://www.premiumgoods.net/blog/picts/jordan9kilroy.jpg

http

614 B
431 B
5
4

HTTP Request

GET http://www.premiumgoods.net/blog/picts/jordan9kilroy.jpg

HTTP Response

200
104.109.143.23:443

bzib.nelreports.net

tls

2.5kB
6.0kB
13
15
13.107.246.64:443

edgestatic.azureedge.net

tls

884 B
311 B
6
5
13.107.246.64:443

edgestatic.azureedge.net

tls

90.1kB
4.4MB
1834
3212
13.107.246.64:443

edgestatic.azureedge.net

tls

852 B
271 B
6
4
104.208.16.94:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

5.9kB
7.6kB
13
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
13.107.246.64:443

edgestatic.azureedge.net

tls

10.2kB
278.1kB
148
219
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.1kB
91.0kB
51
77
13.107.253.64:443

46 B
40 B
1
1
142.250.200.10:443

chromewebstore.googleapis.com

tls

2.0kB
8.0kB
17
18
23.62.61.176:443

www.bing.com

tls

1.0kB
5.1kB
9
11
23.62.61.160:443

www.bing.com

tls

1.3kB
906 B
7
7

8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
199 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

51.140.242.104
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

159.113.53.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

159.113.53.23.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

72.246.173.187
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

72.246.173.187
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

premiumgoods.net

dns

62 B
94 B
1
1

DNS Request

premiumgoods.net

DNS Response

3.33.130.190

15.197.148.33
8.8.8.8:53

premiumgoods.net

dns

62 B
130 B
1
1

DNS Request

premiumgoods.net
8.8.8.8:53

www.premiumgoods.net

dns

66 B
112 B
1
1

DNS Request

www.premiumgoods.net

DNS Response

3.33.130.190

15.197.148.33
8.8.8.8:53

www.premiumgoods.net

dns

66 B
148 B
1
1

DNS Request

www.premiumgoods.net
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

104.109.143.23

104.109.143.24
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

72.246.173.187
8.8.8.8:53

104.242.140.51.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.242.140.51.in-addr.arpa
8.8.8.8:53

187.173.246.72.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

187.173.246.72.in-addr.arpa
8.8.8.8:53

190.130.33.3.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

190.130.33.3.in-addr.arpa
8.8.8.8:53

23.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

23.143.109.104.in-addr.arpa
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

23.53.113.225
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.246.107.13.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

138.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
214 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

104.208.16.94
8.8.8.8:53

94.16.208.104.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

94.16.208.104.in-addr.arpa
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
280 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

17.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

17.143.109.104.in-addr.arpa
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
331 B
1
1

DNS Request

chromewebstore.googleapis.com

DNS Response

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.202

216.58.212.234

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com
8.8.8.8:53

10.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.200.250.142.in-addr.arpa
8.8.8.8:53

176.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

176.61.62.23.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

160.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

160.61.62.23.in-addr.arpa
8.8.8.8:53

27.73.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

27.73.42.20.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.