52470761f13f1d847f30c84897a26e0fde5090a98a5676a169013ae381c6a42c

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 19:35 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a45b9c88f655eb40822d093767bb510_JaffaCakes118.html
Size

41KB
MD5

7a45b9c88f655eb40822d093767bb510
SHA1

1ac7181fac55d2c7a29de5ebb638c23d7c376bb0
SHA256

52470761f13f1d847f30c84897a26e0fde5090a98a5676a169013ae381c6a42c
SHA512

b49dc60d8ba0fbb440ed9768cc551f854b03e0ad38e969a464f350aa25f29faac442737ffa8d8b9cda47b7ccb6ba875e2c1f83e314e6f7ce6dbdc9dedca079a4
SSDEEP

192:uw33b5n95nQjxn5Q/snQiePNn2NGnQOkEntU6nQTbn5nQmSDx7QpP0EQ1ljPTjQV:yQ/ANTkxJ18o3inoCtP1wgkGDx

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a45b9c88f655eb40822d093767bb510_JaffaCakes118.html
1⤵
PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4752 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4012 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4024 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5540 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
1⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5788 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4728

Network

DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com

prod-agic-us-2.uksouth.cloudapp.azure.com

IN A

172.165.69.228
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

cdd.net.ua

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN A

Response

cdd.net.ua

IN A

89.184.88.6
DNS

cdd.net.ua

Remote address:

8.8.8.8:53

Request

cdd.net.ua

IN Unknown

Response
DNS

164.189.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.189.21.2.in-addr.arpa

IN PTR

Response

164.189.21.2.in-addr.arpa

IN PTR

a2-21-189-164deploystaticakamaitechnologiescom
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

2.17.251.21

a416.dscd.akamai.net

IN A

2.17.251.4
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

216.58.214.74

chromewebstore.googleapis.com

IN A

142.250.74.234

chromewebstore.googleapis.com

IN A

142.250.75.234

chromewebstore.googleapis.com

IN A

216.58.214.170

chromewebstore.googleapis.com

IN A

172.217.20.170

chromewebstore.googleapis.com

IN A

172.217.20.202

chromewebstore.googleapis.com

IN A

142.250.179.74

chromewebstore.googleapis.com

IN A

142.250.179.106

chromewebstore.googleapis.com

IN A

142.250.178.138

chromewebstore.googleapis.com

IN A

142.250.201.170
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

228.69.165.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.69.165.172.in-addr.arpa

IN PTR

Response
DNS

21.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.251.17.2.in-addr.arpa

IN PTR

Response

21.251.17.2.in-addr.arpa

IN PTR

a2-17-251-21deploystaticakamaitechnologiescom
DNS

194.17.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.17.21.2.in-addr.arpa

IN PTR

Response

194.17.21.2.in-addr.arpa

IN PTR

a2-21-17-194deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

2.21.189.233
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

25.24.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.24.18.2.in-addr.arpa

IN PTR

Response

25.24.18.2.in-addr.arpa

IN PTR

a2-18-24-25deploystaticakamaitechnologiescom
DNS

22.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.160.190.20.in-addr.arpa

IN PTR

Response
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdeus17.eastus.cloudapp.azure.com

onedsblobprdeus17.eastus.cloudapp.azure.com

IN A

20.42.65.92
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

20.42.65.92:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwC4AlN5BAAUIUShNzVa+rgHy/M+tY/dQyCg+nEAAT5tXGqOZrijYB5oulfcA47NSmMFcsH91WS3tlUsbqZ27HUNAXni0pSPVhlf7OiE65qvM6I1Z5v/gltRyN5OzpuxXm2qCD0A8W693nCsKXY3ibbrNwLYCWLRha8I0DFRC/KGu4SpJCZxekivS65hsyc75k7UpKY15gpy1qYdpXb4p9FAQ9Fy8UPUVFR+iKm0zjH5WP9u9gP0NiACI6gWjb/vIQOrz4bcfCVzfzyEWWIjCMSccU858XuQNcpyw2OUhKrvRerBkE2mEA4NZU4GeWGXg18mh9KD3Nd8c8pHGbprDNx/wR86jEMLY2Ak/j2yeSy4h31UVIr7lRIRiC0SFkkDZgAACJ2Kgw5jl24LiAEc0nQKtalUM14zLBP9NvFSIaQk0dk0z+uCWLSATdGO7bVbdsrK7A0v+WWCYmTPPr57YBBuA+brL1sGtYjDSMdPAb5Ycv0kHdBhkfdhLHBY98kmGIdguA/Cho8xIw2ZaMrVZqFWerSVNDNHkwwF+NBTmYmg3DT6zPMzuup71FYCT9qsuwR3uvoe9dhhn6AFq2JsZeTu0WK8qWej7BhHnOMDDKYRmXbMBf7OgsxbZm0lywlOylGRnqp1Jr2BUYDwqWQy60zWKpE9WNdtd6FyNZ7kzsmJu1QaNdSIDernreDtFspcEm0OKFbCcN32p1B8YycoyPvt6Jl2W70RD86ftYY6zPDeTZrAcx0X0n0D0ljK+lkKZPL5YEhmS/P6Lh3WQI+JHp6GNlQzBZW5Ao2m376SjWXvfW7kemKYCfVywgfnK5WcB0989/MyFIJezbsGnN29EwslFy2Gvw3PrHryC0kiq6/LXI7P/rG1oSeGcMTnXkQ2CB0J1j4+wbTB3x7Sdh8D6z18zzX0crgB&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Mon, 27 May 2024 19:36:00 GMT
DNS

92.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.65.42.20.in-addr.arpa

IN PTR

Response
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

74.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.214.58.216.in-addr.arpa

IN PTR

Response

74.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f101e100net

74.214.58.216.in-addr.arpa

IN PTR

fra15s10-in-f74�H

74.214.58.216.in-addr.arpa

IN PTR

par10s39-in-f10�H
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

97.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.61.62.23.in-addr.arpa

IN PTR

Response

97.61.62.23.in-addr.arpa

IN PTR

a23-62-61-97deploystaticakamaitechnologiescom
DNS

203.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.107.17.2.in-addr.arpa

IN PTR

Response

203.107.17.2.in-addr.arpa

IN PTR

a2-17-107-203deploystaticakamaitechnologiescom
DNS

144.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.107.17.2.in-addr.arpa

IN PTR

Response

144.107.17.2.in-addr.arpa

IN PTR

a2-17-107-144deploystaticakamaitechnologiescom
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

15.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.173.189.20.in-addr.arpa

IN PTR

Response

172.165.69.228:443

nav-edge.smartscreen.microsoft.com

tls

1.3kB
7.7kB
15
16
13.107.6.158:443

business.bing.com

tls

2.0kB
9.8kB
17
22
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
172.165.69.228:443

nav-edge.smartscreen.microsoft.com

tls

10.6kB
12.8kB
32
31
2.17.251.21:443

bzib.nelreports.net

tls

2.6kB
6.0kB
13
15
2.21.17.194:443

www.microsoft.com

tls

2.8kB
22.9kB
26
36
13.107.246.64:443

edgestatic.azureedge.net

tls

1.8kB
7.9kB
13
14
13.107.246.64:443

edgestatic.azureedge.net

tls

96.9kB
4.7MB
1961
3354
13.107.246.64:443

edgestatic.azureedge.net

tls

1.8kB
7.6kB
13
11
20.42.65.92:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

5.9kB
7.6kB
13
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
216.58.214.74:443

chromewebstore.googleapis.com

tls

2.1kB
8.0kB
17
18
13.107.246.64:443

edgestatic.azureedge.net

tls

1.7kB
7.6kB
10
11
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.2kB
91.0kB
52
78
13.107.246.64:443

edgestatic.azureedge.net

tls

8.1kB
272.5kB
126
213
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
23.62.61.97:443

www.bing.com

tls

1.1kB
5.2kB
10
12
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5
23.62.61.97:443

www.bing.com

tls

1.3kB
906 B
7
7
89.184.88.6:80

cdd.net.ua

260 B
5
89.184.88.6:80

cdd.net.ua

260 B
5

8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

172.165.69.228
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
243 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

cdd.net.ua

dns

56 B
72 B
1
1

DNS Request

cdd.net.ua

DNS Response

89.184.88.6
8.8.8.8:53

cdd.net.ua

dns

56 B
128 B
1
1

DNS Request

cdd.net.ua
8.8.8.8:53

164.189.21.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

164.189.21.2.in-addr.arpa
8.8.8.8:53

bzib.nelreports.net

dns

140 B
407 B
2
2

DNS Request

bzib.nelreports.net

DNS Response

2.17.251.21

2.17.251.4

DNS Request

chromewebstore.googleapis.com

DNS Response

216.58.214.74

142.250.74.234

142.250.75.234

216.58.214.170

172.217.20.170

172.217.20.202

142.250.179.74

142.250.179.106

142.250.178.138

142.250.201.170
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

228.69.165.172.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.69.165.172.in-addr.arpa
8.8.8.8:53

21.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

21.251.17.2.in-addr.arpa
8.8.8.8:53

194.17.21.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

194.17.21.2.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

2.21.189.233
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
231 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
275 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

25.24.18.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

25.24.18.2.in-addr.arpa
8.8.8.8:53

22.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.160.190.20.in-addr.arpa
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
211 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

20.42.65.92
8.8.8.8:53

92.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

92.65.42.20.in-addr.arpa
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
282 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

74.214.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.214.58.216.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

97.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

97.61.62.23.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

203.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

203.107.17.2.in-addr.arpa
8.8.8.8:53

144.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

144.107.17.2.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

15.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

15.173.189.20.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.