56f1fd77ce7f4cb015e9cf49aec3177368a2c2a99952a6a50f9cf211e79f51bc

Analysis

max time kernel
151s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 22:39 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14ca8fe6cf284589a4d8376a17c6b394_JaffaCakes118.html
Size

160KB
MD5

14ca8fe6cf284589a4d8376a17c6b394
SHA1

45a51c022c1913c306d204c52b64a7eadda5954e
SHA256

56f1fd77ce7f4cb015e9cf49aec3177368a2c2a99952a6a50f9cf211e79f51bc
SHA512

9e1ec692f9d632c7c442cde1ac70946c629214b68db61cd33ea09747380a98d2acc27c16df378d3375ccb415c53d381aa05ce904a5eaa30adcf23372dfcc92bd
SSDEEP

3072:Swxc4z7AIqLnyfkMY+BES09JXAnyrZalI+YQ:SwhzEIKysMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\14ca8fe6cf284589a4d8376a17c6b394_JaffaCakes118.html
1⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1348 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3792 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5680 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5440 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5992 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:492

Network

DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com

prod-agic-us-3.uksouth.cloudapp.azure.com

IN A

172.165.61.93
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

2.18.121.29

a416.dscd.akamai.net

IN A

2.18.121.10
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

159.113.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.113.53.23.in-addr.arpa

IN PTR

Response

159.113.53.23.in-addr.arpa

IN PTR

a23-53-113-159deploystaticakamaitechnologiescom
DNS

93.61.165.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.61.165.172.in-addr.arpa

IN PTR

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

29.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.121.18.2.in-addr.arpa

IN PTR

Response

29.121.18.2.in-addr.arpa

IN PTR

a2-18-121-29deploystaticakamaitechnologiescom
DNS

181.97.55.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.97.55.23.in-addr.arpa

IN PTR

Response

181.97.55.23.in-addr.arpa

IN PTR

a23-55-97-181deploystaticakamaitechnologiescom
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

23.53.113.225
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

20.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.160.190.20.in-addr.arpa

IN PTR

Response
DNS

79.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.190.18.2.in-addr.arpa

IN PTR

Response

79.190.18.2.in-addr.arpa

IN PTR

a2-18-190-79deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdcus17.centralus.cloudapp.azure.com

onedsblobprdcus17.centralus.cloudapp.azure.com

IN A

13.89.179.12
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

13.89.179.12:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwCoAlN5BAAUIUShNzVa+rgHy/M+tY/dQyCg+nEAAf2e72yd1y0d9FeGXpo5elKDOZTyPpbaGajaaBM6LWf15rGp4q9LC52IxH7EuKSkCPPeYEfCFvLNCdd5Te2DmDAdi3RhbMscjRRPX8x154ZUw0l829q9xAKqCFLaiLZOL+W+2m/YgtbtybhMpZ12OzzHzUwF80Hk+D/SA2WA9AtItS4K4hUnJyzEsUz1UgQvDo+Cf03S6aFP0E5esCtt5LzUxbP8v6KTubCFtxmQTT+Uzc/xMDIWkbv0H+C9mi5E5u/IdbBkz+4wI22+o7wtv1WJDy0w/5HoFtn/XcI+fbQkIZ3ls/7gUcYmMLTfYM67+jIS+bG/Z5FlqVTFTUrUZKwDZgAACF2UVEfpUCmFeAHDNp0pEgvrbAs6m2LF175oWhhlfuoceuyisKfuWWLMN7Y7jxAKPsca6N0BUegJQ3Ivnr8iNoUCJRp6/doVYshaA5DXopFWX3tHeHHIVFVewAhkqYgXYqxwpxGBoeJbq8isj7J99BP6E3oVyrAFJfvpP3+OAzLmdiZkNMslkM7yYhUhRi5q4Wjn0yy9aL+s9Gmb1q/uu9+hhWcB+CdE0dtwH1JatBIeHruRdTO0OrWS+AsAdMKWYNOT+h4K+cmL9eU5zyrk9Bw5oochBmyKydxir3Ia1w2r2hSPd/p2Ygn4LjEeUQDbESQ+56E2OE+veRem3mYIfAQ0ZvvqYUYWxnnZr+Id4BkWtKpCCNMF7qglbItwc2kBTE+ko1P2iDH0LqxG+8mjIuJgD0On8bFJ20A0fiApzdRAE2gnZDSxOPtZBbnLLIRudWeEB+LIo1I9GA2cD7lffzPhsN8ZOak/wLZ4uDWnSPb87/1fovlbvLtiXpVXgS2dpuO/uAE=&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Sat, 04 May 2024 22:40:23 GMT
DNS

12.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.179.89.13.in-addr.arpa

IN PTR

Response
DNS

12.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.179.89.13.in-addr.arpa

IN PTR
DNS

12.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.179.89.13.in-addr.arpa

IN PTR
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

24.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.121.18.2.in-addr.arpa

IN PTR

Response

24.121.18.2.in-addr.arpa

IN PTR

a2-18-121-24deploystaticakamaitechnologiescom
DNS

bdimg.share.baidu.com

Remote address:

8.8.8.8:53

Request

bdimg.share.baidu.com

IN A

Response

bdimg.share.baidu.com

IN CNAME

share.jomodns.com

share.jomodns.com

IN CNAME

share.n.shifen.com

share.n.shifen.com

IN A

112.34.113.148

share.n.shifen.com

IN A

163.177.17.97

share.n.shifen.com

IN A

180.101.212.103

share.n.shifen.com

IN A

182.61.201.93

share.n.shifen.com

IN A

182.61.201.94

share.n.shifen.com

IN A

182.61.244.229

share.n.shifen.com

IN A

14.215.182.161

share.n.shifen.com

IN A

39.156.68.163
DNS

bdimg.share.baidu.com

Remote address:

8.8.8.8:53

Request

bdimg.share.baidu.com

IN Unknown

Response

bdimg.share.baidu.com

IN CNAME

share.jomodns.com

share.jomodns.com

IN CNAME

share.n.shifen.com
DNS

134.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.32.126.40.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

170.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.61.62.23.in-addr.arpa

IN PTR

Response

170.61.62.23.in-addr.arpa

IN PTR

a23-62-61-170deploystaticakamaitechnologiescom
DNS

77.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom
DNS

171.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.61.62.23.in-addr.arpa

IN PTR

Response

171.61.62.23.in-addr.arpa

IN PTR

a23-62-61-171deploystaticakamaitechnologiescom
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

142.250.187.202

chromewebstore.googleapis.com

IN A

142.250.187.234

chromewebstore.googleapis.com

IN A

142.250.178.10

chromewebstore.googleapis.com

IN A

172.217.16.234

chromewebstore.googleapis.com

IN A

142.250.200.10

chromewebstore.googleapis.com

IN A

142.250.200.42

chromewebstore.googleapis.com

IN A

216.58.201.106

chromewebstore.googleapis.com

IN A

216.58.204.74

chromewebstore.googleapis.com

IN A

216.58.212.234

chromewebstore.googleapis.com

IN A

172.217.169.74

chromewebstore.googleapis.com

IN A

172.217.169.42

chromewebstore.googleapis.com

IN A

142.250.179.234

chromewebstore.googleapis.com

IN A

142.250.180.10
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response

13.107.6.158:443

business.bing.com

tls

2.0kB
9.8kB
17
22
172.165.61.93:443

nav-edge.smartscreen.microsoft.com

tls

10.5kB
12.9kB
31
33
23.55.97.181:443

www.microsoft.com

tls

2.9kB
22.8kB
28
35
2.18.121.29:443

bzib.nelreports.net

tls

2.5kB
6.0kB
12
15
13.107.246.64:443

edgestatic.azureedge.net

tls

1.8kB
7.8kB
13
13
13.107.246.64:443

edgestatic.azureedge.net

tls

94.3kB
4.6MB
1949
3317
13.107.246.64:443

edgestatic.azureedge.net

tls

1.8kB
7.9kB
14
14
13.89.179.12:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

5.9kB
8.5kB
14
12

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
13.107.253.67:443

46 B
40 B
1
1
13.107.246.64:443

wcpstatic.microsoft.com

52 B
1
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.1kB
91.0kB
51
78
13.107.246.64:443

edgestatic.azureedge.net

tls

7.9kB
272.4kB
124
212
13.107.246.64:443

edgestatic.azureedge.net

tls

2.0kB
8.1kB
16
18
112.34.113.148:80

bdimg.share.baidu.com

260 B
5
112.34.113.148:80

bdimg.share.baidu.com

260 B
5
23.62.61.170:443

www.bing.com

tls

1.1kB
5.1kB
9
11
163.177.17.97:80

bdimg.share.baidu.com

260 B
5
163.177.17.97:80

bdimg.share.baidu.com

260 B
5
180.101.212.103:80

bdimg.share.baidu.com

260 B
5
180.101.212.103:80

bdimg.share.baidu.com

260 B
5
182.61.201.93:80

bdimg.share.baidu.com

260 B
5
182.61.201.93:80

bdimg.share.baidu.com

260 B
5
23.62.61.171:443

www.bing.com

tls

1.2kB
946 B
8
8
182.61.201.94:80

bdimg.share.baidu.com

260 B
5
182.61.201.94:80

bdimg.share.baidu.com

260 B
5
182.61.244.229:80

bdimg.share.baidu.com

208 B
4
182.61.244.229:80

bdimg.share.baidu.com

208 B
4
142.250.187.202:443

chromewebstore.googleapis.com

tls

1.6kB
6.3kB
11
10

8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

172.165.61.93
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
243 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

2.18.121.29

2.18.121.10
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

159.113.53.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

159.113.53.23.in-addr.arpa
8.8.8.8:53

93.61.165.172.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

93.61.165.172.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

29.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

29.121.18.2.in-addr.arpa
8.8.8.8:53

181.97.55.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

181.97.55.23.in-addr.arpa
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

23.53.113.225
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

20.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.160.190.20.in-addr.arpa
8.8.8.8:53

79.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

79.190.18.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
214 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

13.89.179.12
8.8.8.8:53

12.179.89.13.in-addr.arpa

dns

213 B
145 B
3
1

DNS Request

12.179.89.13.in-addr.arpa

DNS Request

12.179.89.13.in-addr.arpa

DNS Request

12.179.89.13.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
280 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

24.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

24.121.18.2.in-addr.arpa
8.8.8.8:53

bdimg.share.baidu.com

dns

67 B
252 B
1
1

DNS Request

bdimg.share.baidu.com

DNS Response

112.34.113.148

163.177.17.97

180.101.212.103

182.61.201.93

182.61.201.94

182.61.244.229

14.215.182.161

39.156.68.163
8.8.8.8:53

bdimg.share.baidu.com

dns

67 B
181 B
1
1

DNS Request

bdimg.share.baidu.com
8.8.8.8:53

134.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

134.32.126.40.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

170.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

170.61.62.23.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

77.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.190.18.2.in-addr.arpa
8.8.8.8:53

171.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

171.61.62.23.in-addr.arpa
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
283 B
1
1

DNS Request

chromewebstore.googleapis.com

DNS Response

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.212.234

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.