044c6ec0f26d04cf2d0900e557ed9bcfad67e875c55044d1c39be027e8feb75d

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 23:22 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68fbe81a7520d45eac22f25690f0c541_JaffaCakes118.html
Size

139KB
MD5

68fbe81a7520d45eac22f25690f0c541
SHA1

b698ff7081c93605620ec5443f3f799dade52875
SHA256

044c6ec0f26d04cf2d0900e557ed9bcfad67e875c55044d1c39be027e8feb75d
SHA512

5bbd2bd43219b0ea5c9f1cbbcb027d4faa278690301707bf93e2a82887227b820927964b9c52fa617879b36439fcabd7c6c8960f7b6e0b0da6518a64ddbd1863
SSDEEP

1536:S60C6zmTrNeXMuPx0rClrMFyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP06:Sqr4cyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68fbe81a7520d45eac22f25690f0c541_JaffaCakes118.html
1⤵
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3780 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4024 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5496 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5768 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:1268

Network

DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-3.ukwest.cloudapp.azure.com

prod-agic-uw-3.ukwest.cloudapp.azure.com

IN A

51.11.108.188
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

2.17.251.21

a416.dscd.akamai.net

IN A

2.17.251.4
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

56.94.73.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.94.73.104.in-addr.arpa

IN PTR

Response

56.94.73.104.in-addr.arpa

IN PTR

a104-73-94-56deploystaticakamaitechnologiescom
DNS

188.108.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.108.11.51.in-addr.arpa

IN PTR

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

23.55.97.181
DNS

7tn2z.69khz.com

Remote address:

8.8.8.8:53

Request

7tn2z.69khz.com

IN A

Response
DNS

7tn2z.69khz.com

Remote address:

8.8.8.8:53

Request

7tn2z.69khz.com

IN Unknown

Response
DNS

7tn2z.69khz.com

Remote address:

8.8.8.8:53

Request

7tn2z.69khz.com

IN A

Response
DNS

21.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.251.17.2.in-addr.arpa

IN PTR

Response

21.251.17.2.in-addr.arpa

IN PTR

a2-17-251-21deploystaticakamaitechnologiescom
DNS

181.97.55.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.97.55.23.in-addr.arpa

IN PTR

Response

181.97.55.23.in-addr.arpa

IN PTR

a23-55-97-181deploystaticakamaitechnologiescom
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

104.73.93.171
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

bdimg.share.baidu.com

Remote address:

8.8.8.8:53

Request

bdimg.share.baidu.com

IN A

Response

bdimg.share.baidu.com

IN CNAME

share.jomodns.com

share.jomodns.com

IN CNAME

share.n.shifen.com

share.n.shifen.com

IN A

182.61.201.94

share.n.shifen.com

IN A

182.61.244.229

share.n.shifen.com

IN A

14.215.182.161

share.n.shifen.com

IN A

39.156.68.163

share.n.shifen.com

IN A

112.34.113.148

share.n.shifen.com

IN A

163.177.17.97

share.n.shifen.com

IN A

180.101.212.103

share.n.shifen.com

IN A

182.61.201.93
DNS

bdimg.share.baidu.com

Remote address:

8.8.8.8:53

Request

bdimg.share.baidu.com

IN Unknown

Response

bdimg.share.baidu.com

IN CNAME

share.jomodns.com

share.jomodns.com

IN CNAME

share.n.shifen.com
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdwus16.westus.cloudapp.azure.com

onedsblobprdwus16.westus.cloudapp.azure.com

IN A

20.189.173.21
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

20.189.173.21:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwC4AlN5BAAUIUShNzVa+rgHy/M+tY/dQyCg+nEAATiYtz6q6Bw+kz6IdWcoLqpnU7Dfw/mZW5yc47vVz3/4hPnlxzuF7ff+XDA8komqy/tTJLdHu3HDYuHIfc+8NabUFoZ3LNAml7sk/lzmA+uMSymj+ewvTav46XXtbHc3bUHeSu/AIMEHpyibwEsBNmoXaGh8vP9rdv83LOO83DERqeLFziWTTtW4TO74tOGldeyR+k5gJ8sfhS/jX6SsD9t+9fzCcT84uD2AhwS9qU2GUich5wopuR1sgVQyUszpkFu5e/23yN6x0kZdbruh4DBJCU74Tu4H1B9y/W0XbS6xBFjQyQ/N0486VdVF+enulUfOC9lLIXE9ckpWST+Up9EDZgAACH6yZBkHkcTHiAEmpJQ+SU6ViV19TS6jBm3znLrJzT1K6sCLEdD8SrdJKNnJhMqXQRQfCtjGqhxvN7xkXdYOFAJeoK1xu4/0z2yaBtc8TJ0WrEuk7Q9uTJ64b52bPBXvn5F2wyARMllrPOsR+E0MHc6A6bOMdR8q1c6N97OgX1KCQPcBSBV6YwRRtPL1dz4cE1w6awQsjhv0l5b7Fnnz7kqah/wPjySvBTSD+wCZS7kNXRRHi/9/IYkX5MrNg3eh4njL1QwfEspppghlliUn5MNtGeQTjF8vj8rm9fo1EOIYuduEN5fZoReXq0WxGdib1k3MFVDgAf78VF8s1SA2b3QS+mSeQh/lspnfzdW9yPxtwvhXfFf+oqeu90OitD/JKhdo9X3MtjKUOIJoLzZqkbz8HASmgf28+25n+4fP0G8DTrMD07yESvRSlG9yV5eCGjqiCuzLUx/bm+i3aDk+RpwDEbxTwE4X/c54dyK4DaqsfTfQBorSAWmYB12i1aESDozNO4xYOj+SNE2nws+JLj+uNbgB&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Wed, 22 May 2024 23:22:51 GMT
DNS

21.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.173.189.20.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

172.217.169.42

chromewebstore.googleapis.com

IN A

142.250.179.234

chromewebstore.googleapis.com

IN A

142.250.180.10

chromewebstore.googleapis.com

IN A

142.250.187.202

chromewebstore.googleapis.com

IN A

142.250.187.234

chromewebstore.googleapis.com

IN A

142.250.178.10

chromewebstore.googleapis.com

IN A

172.217.16.234

chromewebstore.googleapis.com

IN A

142.250.200.10

chromewebstore.googleapis.com

IN A

142.250.200.42

chromewebstore.googleapis.com

IN A

216.58.201.106

chromewebstore.googleapis.com

IN A

216.58.204.74

chromewebstore.googleapis.com

IN A

216.58.213.10

chromewebstore.googleapis.com

IN A

172.217.169.10

chromewebstore.googleapis.com

IN A

216.58.212.234
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response
DNS

42.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.169.217.172.in-addr.arpa

IN PTR

Response

42.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f101e100net
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

97.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.61.62.23.in-addr.arpa

IN PTR

Response

97.61.62.23.in-addr.arpa

IN PTR

a23-62-61-97deploystaticakamaitechnologiescom
DNS

31.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.73.42.20.in-addr.arpa

IN PTR

Response

51.11.108.188:443

nav-edge.smartscreen.microsoft.com

tls

10.5kB
12.8kB
30
32
13.107.6.158:443

business.bing.com

tls

2.0kB
9.7kB
17
21
23.55.97.181:443

www.microsoft.com

tls

2.8kB
22.9kB
26
36
2.17.251.21:443

bzib.nelreports.net

tls

2.5kB
6.0kB
13
15
13.107.246.64:443

edgestatic.azureedge.net

tls

91.9kB
4.7MB
1894
3361
13.107.246.64:443

edgestatic.azureedge.net

tls

1.5kB
7.5kB
9
10
13.107.246.64:443

edgestatic.azureedge.net

tls

1.6kB
7.5kB
10
10
182.61.201.94:80

bdimg.share.baidu.com

260 B
5
182.61.201.94:80

bdimg.share.baidu.com

260 B
5
20.189.173.21:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

5.9kB
7.6kB
13
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
172.217.169.42:443

chromewebstore.googleapis.com

tls

2.0kB
8.0kB
17
18
182.61.244.229:80

bdimg.share.baidu.com

260 B
5
182.61.244.229:80

bdimg.share.baidu.com

260 B
5
13.107.246.64:443

edgestatic.azureedge.net

tls

8.3kB
272.5kB
128
215
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.6kB
91.0kB
59
77
14.215.182.161:80

bdimg.share.baidu.com

260 B
5
14.215.182.161:80

bdimg.share.baidu.com

260 B
5
23.62.61.97:443

www.bing.com

tls

1.1kB
5.2kB
10
12
39.156.68.163:80

bdimg.share.baidu.com

260 B
5
39.156.68.163:80

bdimg.share.baidu.com

260 B
5
112.34.113.148:80

bdimg.share.baidu.com

260 B
5
112.34.113.148:80

bdimg.share.baidu.com

260 B
5
163.177.17.97:80

bdimg.share.baidu.com

260 B
5
23.62.61.97:443

www.bing.com

tls

1.2kB
906 B
7
7
163.177.17.97:80

bdimg.share.baidu.com

260 B
5
180.101.212.103:80

bdimg.share.baidu.com

260 B
5
180.101.212.103:80

bdimg.share.baidu.com

260 B
5

8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
199 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

51.11.108.188
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
243 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

2.17.251.21

2.17.251.4
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

56.94.73.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

56.94.73.104.in-addr.arpa
8.8.8.8:53

188.108.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

188.108.11.51.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

23.55.97.181
8.8.8.8:53

7tn2z.69khz.com

dns

61 B
134 B
1
1

DNS Request

7tn2z.69khz.com
8.8.8.8:53

7tn2z.69khz.com

dns

61 B
134 B
1
1

DNS Request

7tn2z.69khz.com
8.8.8.8:53

7tn2z.69khz.com

dns

61 B
134 B
1
1

DNS Request

7tn2z.69khz.com
8.8.8.8:53

21.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

21.251.17.2.in-addr.arpa
8.8.8.8:53

181.97.55.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

181.97.55.23.in-addr.arpa
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

104.73.93.171
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

bdimg.share.baidu.com

dns

67 B
252 B
1
1

DNS Request

bdimg.share.baidu.com

DNS Response

182.61.201.94

182.61.244.229

14.215.182.161

39.156.68.163

112.34.113.148

163.177.17.97

180.101.212.103

182.61.201.93
8.8.8.8:53

bdimg.share.baidu.com

dns

67 B
181 B
1
1

DNS Request

bdimg.share.baidu.com
8.8.8.8:53

74.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

74.32.126.40.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
211 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

20.189.173.21
8.8.8.8:53

21.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.173.189.20.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
299 B
1
1

DNS Request

chromewebstore.googleapis.com

DNS Response

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.234
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com
8.8.8.8:53

42.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.169.217.172.in-addr.arpa
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
280 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

97.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

97.61.62.23.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

31.73.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

31.73.42.20.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.