ef9c9a7f764008fbade80d344a732cfd8292d5e3ae5b2bdd8911e64687d62873

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 07:32 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16a10defc1126a4bc33023c47aec2801_JaffaCakes118.html
Size

145KB
MD5

16a10defc1126a4bc33023c47aec2801
SHA1

84612416485e6218329e046240fd9ff5e03c569b
SHA256

ef9c9a7f764008fbade80d344a732cfd8292d5e3ae5b2bdd8911e64687d62873
SHA512

d186b1b441a96d969a64bd1cc3c1e9b150cfe3e991eeb7d1fa2ed581563a9fbae3428aa794a07aaccc05c194c0ac86c2224e007fbfa17b1371e12c35b0d6fcb4
SSDEEP

3072:S/ObGpyHgpx7dyfkMY+BES09JXAnyrZalI+YQ:S/OUyHgpx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\16a10defc1126a4bc33023c47aec2801_JaffaCakes118.html
1⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5676 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
1⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5740 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
1⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5692 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4004 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
1⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4632 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5980 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:2276

Network

DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com

prod-agic-us-3.uksouth.cloudapp.azure.com

IN A

172.165.61.93
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN A

Response
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN Unknown

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN A

Response
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

96.16.53.162

a416.dscd.akamai.net

IN A

96.16.53.149
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

93.61.165.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.61.165.172.in-addr.arpa

IN PTR

Response
DNS

159.113.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.113.53.23.in-addr.arpa

IN PTR

Response

159.113.53.23.in-addr.arpa

IN PTR

a23-53-113-159deploystaticakamaitechnologiescom
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN A

Response
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN Unknown

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN A

Response
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN Unknown

Response
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN A

Response
DNS

www.dkt36e.top

Remote address:

8.8.8.8:53

Request

www.dkt36e.top

IN Unknown

Response
DNS

162.53.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.53.16.96.in-addr.arpa

IN PTR

Response

162.53.16.96.in-addr.arpa

IN PTR

a96-16-53-162deploystaticakamaitechnologiescom
DNS

194.17.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.17.21.2.in-addr.arpa

IN PTR

Response

194.17.21.2.in-addr.arpa

IN PTR

a2-21-17-194deploystaticakamaitechnologiescom
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

23.53.113.225
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

79.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.190.18.2.in-addr.arpa

IN PTR

Response

79.190.18.2.in-addr.arpa

IN PTR

a2-18-190-79deploystaticakamaitechnologiescom
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

push.zhanzhang.baidu.com

Remote address:

8.8.8.8:53

Request

push.zhanzhang.baidu.com

IN A

Response

push.zhanzhang.baidu.com

IN CNAME

share.jomodns.com

share.jomodns.com

IN CNAME

share.n.shifen.com

share.n.shifen.com

IN A

163.177.17.97

share.n.shifen.com

IN A

180.101.212.103

share.n.shifen.com

IN A

182.61.201.93

share.n.shifen.com

IN A

182.61.201.94

share.n.shifen.com

IN A

182.61.244.229

share.n.shifen.com

IN A

14.215.182.161

share.n.shifen.com

IN A

39.156.68.163

share.n.shifen.com

IN A

112.34.113.148
DNS

push.zhanzhang.baidu.com

Remote address:

8.8.8.8:53

Request

push.zhanzhang.baidu.com

IN Unknown

Response

push.zhanzhang.baidu.com

IN CNAME

share.jomodns.com

share.jomodns.com

IN CNAME

share.n.shifen.com
DNS

67.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.31.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdeus17.eastus.cloudapp.azure.com

onedsblobprdeus17.eastus.cloudapp.azure.com

IN A

20.42.65.92
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

20.42.65.92:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwC4AlN5BAAUIUShNzVa+rgHy/M+tY/dQyCg+nEAAb9dswOuDX7VckXZcTjLhy1wauMu9SSTCPpOn2h82ePSbs+ocy6UR9WfBH/c2/XZfcBDjVF3AFuGmQm6EsloCu6t11LlkDoKGos392yONIYaiYc5SshmhTI8YNwImckZFvHGMxXO+XdagNNQjsCXiRitsO2WdS0z9UOvcaCIMGVfYrZlT2mzF07gWVZjEtP9S+5Pwjnqy7DGv5b6aYt8MlkxhKja/F800I4hmyIJvhHIToxKAyy6hoYWj3JSZOY3bb6dRDJkNrWXNrbAT9ihQUsYSdXpou0eDOssqHj+pQ203fBRUc9XMCaoJKlbejxw8VIHA6t/qTHmFiBRyGcBblEDZgAACFYCkT7MhfMCiAFANls8bFFXZu2Zq7Byx3/4UzWScvXzlXZFcwqE9GMXe5WEPwynxIdO5wKpqMkyzg7ZSwnwesndQeYDICyFQyOUMGsyYRRaJ94/WyRWIvGzN9OyGtezxpXNxXlqoKWNc34PCvNPHbbUlapVBBkenwQigi8Ll/1/VqIJG0qbOQrAh8RRHP6mZeXH8GiqyqZuHLyWXVJEHBHJH9C7CbJpV0LE0K8i35A1ZATlJIWNrk5VbRaiQhzjo40TNzBL+7Ix21Jobv2FfIVGL4+4IaGMmP486vvmttUFQON8ezXc3YeFZoYEZVbt19DDwZrOmIA6QAIdrQ1qyVrUMlvAaUDfNQ02mhY5+OuedsL42U/ph1fiS5yFhE8q0qys93FIznQYYL0/Ta2YeDr+04aX1k+/eqWdhXSAn7t05Dhoin5XzGhhv8iYPGWO1RdiRKm9jeVWzxDSDSvBBp3evWc6MDSPhX7dAT3zi9zMy5XAdehDn5aElGOlF/AEWzotXPdZ8rwoaCHshVlCgjueUbgB&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Sun, 05 May 2024 07:33:21 GMT
DNS

92.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.65.42.20.in-addr.arpa

IN PTR

Response
DNS

bdimg.share.baidu.com

Remote address:

8.8.8.8:53

Request

bdimg.share.baidu.com

IN A

Response

bdimg.share.baidu.com

IN CNAME

share.jomodns.com

share.jomodns.com

IN CNAME

share.n.shifen.com

share.n.shifen.com

IN A

112.34.113.148

share.n.shifen.com

IN A

163.177.17.97

share.n.shifen.com

IN A

180.101.212.103

share.n.shifen.com

IN A

182.61.201.93

share.n.shifen.com

IN A

182.61.201.94

share.n.shifen.com

IN A

182.61.244.229

share.n.shifen.com

IN A

14.215.182.161

share.n.shifen.com

IN A

39.156.68.163
DNS

bdimg.share.baidu.com

Remote address:

8.8.8.8:53

Request

bdimg.share.baidu.com

IN Unknown

Response

bdimg.share.baidu.com

IN CNAME

share.jomodns.com

share.jomodns.com

IN CNAME

share.n.shifen.com
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

139.53.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.53.16.96.in-addr.arpa

IN PTR

Response

139.53.16.96.in-addr.arpa

IN PTR

a96-16-53-139deploystaticakamaitechnologiescom
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

129.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

129.61.62.23.in-addr.arpa

IN PTR

Response

129.61.62.23.in-addr.arpa

IN PTR

a23-62-61-129deploystaticakamaitechnologiescom

172.165.61.93:443

nav-edge.smartscreen.microsoft.com

tls

10.6kB
12.8kB
30
32
13.107.6.158:443

business.bing.com

tls

2.0kB
9.9kB
17
22
2.21.17.194:443

www.microsoft.com

tls

2.7kB
22.8kB
26
36
96.16.53.162:443

bzib.nelreports.net

tls

2.4kB
6.0kB
12
15
13.107.246.64:443

edgestatic.azureedge.net

tls

93.3kB
4.6MB
1918
3316
13.107.246.64:443

edgestatic.azureedge.net

tls

1.9kB
7.9kB
14
14
13.107.246.64:443

edgestatic.azureedge.net

tls

1.8kB
7.9kB
14
14
13.107.246.64:443

edgestatic.azureedge.net

tls

7.8kB
272.5kB
122
213
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.1kB
91.0kB
52
78
163.177.17.97:80

push.zhanzhang.baidu.com

260 B
5
163.177.17.97:80

push.zhanzhang.baidu.com

260 B
5
216.58.201.106:443

46 B
40 B
1
1
20.42.65.92:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

5.9kB
7.6kB
13
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
112.34.113.148:80

bdimg.share.baidu.com

260 B
5
112.34.113.148:80

bdimg.share.baidu.com

260 B
5
180.101.212.103:80

bdimg.share.baidu.com

260 B
5
180.101.212.103:80

bdimg.share.baidu.com

260 B
5
163.177.17.97:80

bdimg.share.baidu.com

260 B
5
163.177.17.97:80

bdimg.share.baidu.com

260 B
5
182.61.201.93:80

bdimg.share.baidu.com

260 B
5
182.61.201.93:80

bdimg.share.baidu.com

260 B
5
23.62.61.194:443

www.bing.com

tls

1.0kB
5.1kB
9
11
180.101.212.103:80

bdimg.share.baidu.com

260 B
5
180.101.212.103:80

bdimg.share.baidu.com

260 B
5
182.61.201.94:80

bdimg.share.baidu.com

260 B
5
182.61.201.94:80

bdimg.share.baidu.com

260 B
5
182.61.201.93:80

bdimg.share.baidu.com

260 B
5
182.61.201.93:80

bdimg.share.baidu.com

260 B
5
182.61.244.229:80

bdimg.share.baidu.com

260 B
5
182.61.244.229:80

bdimg.share.baidu.com

260 B
5
182.61.201.94:80

bdimg.share.baidu.com

260 B
5
182.61.201.94:80

bdimg.share.baidu.com

260 B
5
14.215.182.161:80

bdimg.share.baidu.com

260 B
5
14.215.182.161:80

bdimg.share.baidu.com

260 B
5
23.62.61.129:443

www.bing.com

tls

1.3kB
906 B
7
7
182.61.244.229:80

bdimg.share.baidu.com

260 B
5
182.61.244.229:80

bdimg.share.baidu.com

260 B
5
39.156.68.163:80

bdimg.share.baidu.com

260 B
5
39.156.68.163:80

bdimg.share.baidu.com

260 B
5
14.215.182.161:80

bdimg.share.baidu.com

52 B
1
14.215.182.161:80

8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

172.165.61.93
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

96.16.53.162

96.16.53.149
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

93.61.165.172.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

93.61.165.172.in-addr.arpa
8.8.8.8:53

159.113.53.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

159.113.53.23.in-addr.arpa
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

www.dkt36e.top

dns

60 B
130 B
1
1

DNS Request

www.dkt36e.top
8.8.8.8:53

194.17.21.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

194.17.21.2.in-addr.arpa
8.8.8.8:53

162.53.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

162.53.16.96.in-addr.arpa
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

23.53.113.225
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

79.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

79.190.18.2.in-addr.arpa
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
280 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

push.zhanzhang.baidu.com

dns

70 B
255 B
1
1

DNS Request

push.zhanzhang.baidu.com

DNS Response

163.177.17.97

180.101.212.103

182.61.201.93

182.61.201.94

182.61.244.229

14.215.182.161

39.156.68.163

112.34.113.148
8.8.8.8:53

push.zhanzhang.baidu.com

dns

70 B
184 B
1
1

DNS Request

push.zhanzhang.baidu.com
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

67.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

67.31.126.40.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
211 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

20.42.65.92
8.8.8.8:53

92.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

92.65.42.20.in-addr.arpa
8.8.8.8:53

bdimg.share.baidu.com

dns

67 B
252 B
1
1

DNS Request

bdimg.share.baidu.com

DNS Response

112.34.113.148

163.177.17.97

180.101.212.103

182.61.201.93

182.61.201.94

182.61.244.229

14.215.182.161

39.156.68.163
8.8.8.8:53

bdimg.share.baidu.com

dns

67 B
181 B
1
1

DNS Request

bdimg.share.baidu.com
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

139.53.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

139.53.16.96.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

129.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

129.61.62.23.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.