33f0f63b2cf10e91cb89139ac42eedf9d66e3b9a9537064de754f88fc2f2f709

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 10:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83e8aaeaa185b1767fc666b0bfc1401b_JaffaCakes118.html
Size

20KB
MD5

83e8aaeaa185b1767fc666b0bfc1401b
SHA1

d83885fc129896d36165629403170839aa27edb8
SHA256

33f0f63b2cf10e91cb89139ac42eedf9d66e3b9a9537064de754f88fc2f2f709
SHA512

7e4decfbb1379aa5379e16fe5e96db3103db8f1ddf9ab4348a17dca4ade1c056c7f578032856f81a95b0d6b2a48001c55a01245759685a5c5610a8948c624ec2
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIo4wzUnjBhgK82qDB8:SIMd0I5nvH9svgJxDB8

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\83e8aaeaa185b1767fc666b0bfc1401b_JaffaCakes118.html
1⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4968 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
1⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5324 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
1⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4080 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5460 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
1⤵
PID:1428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4532 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:4388

Network

DNS

159.113.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.113.53.23.in-addr.arpa

IN PTR

Response

159.113.53.23.in-addr.arpa

IN PTR

a23-53-113-159deploystaticakamaitechnologiescom
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com

prod-agic-us-1.uksouth.cloudapp.azure.com

IN A

13.87.96.169
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

t.cn

Remote address:

8.8.8.8:53

Request

t.cn

IN A

Response

t.cn

IN A

39.105.18.168
DNS

t.cn

Remote address:

8.8.8.8:53

Request

t.cn

IN Unknown

Response
DNS

img1.jiehun.cn

Remote address:

8.8.8.8:53

Request

img1.jiehun.cn

IN A

Response

img1.jiehun.cn

IN CNAME

img1.jiehun.cn.a.bdydns.com

img1.jiehun.cn.a.bdydns.com

IN CNAME

opencdnspy.jomodns.com

opencdnspy.jomodns.com

IN A

182.106.158.35

opencdnspy.jomodns.com

IN A

125.74.110.35

opencdnspy.jomodns.com

IN A

150.138.188.35

opencdnspy.jomodns.com

IN A

171.214.23.35

opencdnspy.jomodns.com

IN A

171.214.24.35

opencdnspy.jomodns.com

IN A

175.4.51.35

opencdnspy.jomodns.com

IN A

182.84.110.35

opencdnspy.jomodns.com

IN A

125.74.1.35

opencdnspy.jomodns.com

IN A

182.140.225.35

opencdnspy.jomodns.com

IN A

183.61.177.35
DNS

img1.jiehun.cn

Remote address:

8.8.8.8:53

Request

img1.jiehun.cn

IN Unknown

Response
DNS

www.googleadsl.com

Remote address:

8.8.8.8:53

Request

www.googleadsl.com

IN A

Response

www.googleadsl.com

IN A

170.178.222.41
DNS

www.googleadsl.com

Remote address:

8.8.8.8:53

Request

www.googleadsl.com

IN Unknown

Response
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

184.31.15.35

a416.dscd.akamai.net

IN A

184.31.15.40
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

169.96.87.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.96.87.13.in-addr.arpa

IN PTR

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.bing.com

Remote address:

8.8.8.8:53

Request

www.bing.com

IN A

Response

www.bing.com

IN CNAME

wwwprod.www-bing-com.akadns.net

wwwprod.www-bing-com.akadns.net

IN CNAME

www.bing.com.edgekey.net

www.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

23.62.61.168

e86303.dscx.akamaiedge.net

IN A

23.62.61.160

e86303.dscx.akamaiedge.net

IN A

23.62.61.57

e86303.dscx.akamaiedge.net

IN A

23.62.61.155

e86303.dscx.akamaiedge.net

IN A

23.62.61.58

e86303.dscx.akamaiedge.net

IN A

23.62.61.171

e86303.dscx.akamaiedge.net

IN A

23.62.61.194

e86303.dscx.akamaiedge.net

IN A

23.62.61.138

e86303.dscx.akamaiedge.net

IN A

23.62.61.185
DNS

35.15.31.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.15.31.184.in-addr.arpa

IN PTR

Response

35.15.31.184.in-addr.arpa

IN PTR

a184-31-15-35deploystaticakamaitechnologiescom
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

194.17.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.17.21.2.in-addr.arpa

IN PTR

Response

194.17.21.2.in-addr.arpa

IN PTR

a2-21-17-194deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

23.53.113.225
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdcus17.centralus.cloudapp.azure.com

onedsblobprdcus17.centralus.cloudapp.azure.com

IN A

13.89.179.12
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

13.89.179.12:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Thu, 30 May 2024 10:30:52 GMT
DNS

12.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.179.89.13.in-addr.arpa

IN PTR

Response
DNS

hm.baidu.com

Remote address:

8.8.8.8:53

Request

hm.baidu.com

IN A

Response

hm.baidu.com

IN CNAME

hm.e.shifen.com

hm.e.shifen.com

IN A

14.215.183.79

hm.e.shifen.com

IN A

111.45.3.198

hm.e.shifen.com

IN A

111.45.11.83

hm.e.shifen.com

IN A

183.240.98.228

hm.e.shifen.com

IN A

14.215.182.140
DNS

hm.baidu.com

Remote address:

8.8.8.8:53

Request

hm.baidu.com

IN Unknown

Response

hm.baidu.com

IN CNAME

hm.e.shifen.com
DNS

www.jiehun.cn

Remote address:

8.8.8.8:53

Request

www.jiehun.cn

IN A

Response

www.jiehun.cn

IN A

61.160.251.208
DNS

www.jiehun.cn

Remote address:

8.8.8.8:53

Request

www.jiehun.cn

IN Unknown

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

azurefd-t-fb-prod.trafficmanager.net

azurefd-t-fb-prod.trafficmanager.net

IN CNAME

dual.s-part-0036.t-0009.fb-t-msedge.net

dual.s-part-0036.t-0009.fb-t-msedge.net

IN CNAME

s-part-0036.t-0009.fb-t-msedge.net

s-part-0036.t-0009.fb-t-msedge.net

IN A

13.107.253.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

hm.baidu.com

Remote address:

8.8.8.8:53

Request

hm.baidu.com

IN A

Response

hm.baidu.com

IN CNAME

hm.e.shifen.com

hm.e.shifen.com

IN A

111.45.3.198

hm.e.shifen.com

IN A

111.45.11.83

hm.e.shifen.com

IN A

183.240.98.228

hm.e.shifen.com

IN A

14.215.182.140

hm.e.shifen.com

IN A

14.215.183.79
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

58.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.61.62.23.in-addr.arpa

IN PTR

Response

58.61.62.23.in-addr.arpa

IN PTR

a23-62-61-58deploystaticakamaitechnologiescom
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response
DNS

168.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.61.62.23.in-addr.arpa

IN PTR

Response

168.61.62.23.in-addr.arpa

IN PTR

a23-62-61-168deploystaticakamaitechnologiescom
DNS

67.112.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.112.168.52.in-addr.arpa

IN PTR

Response

13.107.6.158:443

business.bing.com

tls

2.0kB
10.0kB
18
24
13.87.96.169:443

nav-edge.smartscreen.microsoft.com

tls

10.6kB
12.9kB
30
34
184.31.15.35:443

bzib.nelreports.net

tls

2.6kB
6.1kB
15
16
39.105.18.168:80

t.cn

260 B
5
170.178.222.41:80

www.googleadsl.com

260 B
5
39.105.18.168:80

t.cn

260 B
5
170.178.222.41:80

www.googleadsl.com

260 B
5
182.106.158.35:80

img1.jiehun.cn

260 B
5
182.106.158.35:80

img1.jiehun.cn

260 B
5
182.106.158.35:80

img1.jiehun.cn

260 B
5
2.21.17.194:443

www.microsoft.com

tls

2.7kB
22.9kB
26
36
13.107.246.64:443

edgestatic.azureedge.net

tls

87.0kB
4.7MB
1815
3354
13.107.246.64:443

edgestatic.azureedge.net

tls

1.7kB
7.9kB
12
13
13.107.246.64:443

edgestatic.azureedge.net

tls

1.7kB
7.9kB
13
14
172.217.169.74:443

46 B
40 B
1
1
13.89.179.12:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

4.9kB
7.6kB
13
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
182.106.158.35:80

img1.jiehun.cn

260 B
5
182.106.158.35:80

img1.jiehun.cn

260 B
5
182.106.158.35:80

img1.jiehun.cn

260 B
5
125.74.110.35:80

img1.jiehun.cn

260 B
5
125.74.110.35:80

img1.jiehun.cn

260 B
5
125.74.110.35:80

img1.jiehun.cn

260 B
5
61.160.251.208:80

www.jiehun.cn

260 B
5
61.160.251.208:80

www.jiehun.cn

260 B
5
13.107.246.64:443

edgestatic.azureedge.net

tls

7.6kB
272.4kB
119
212
13.107.253.64:443

wcpstatic.microsoft.com

tls

4.0kB
91.0kB
52
78
14.215.183.79:80

hm.baidu.com

260 B
5
14.215.183.79:80

hm.baidu.com

260 B
5
13.107.253.64:443

wcpstatic.microsoft.com

46 B
40 B
1
1
125.74.110.35:80

img1.jiehun.cn

260 B
5
125.74.110.35:80

img1.jiehun.cn

260 B
5
125.74.110.35:80

img1.jiehun.cn

260 B
5
150.138.188.35:80

img1.jiehun.cn

260 B
5
150.138.188.35:80

img1.jiehun.cn

260 B
5
150.138.188.35:80

img1.jiehun.cn

260 B
5
111.45.3.198:80

hm.baidu.com

260 B
5
111.45.3.198:80

hm.baidu.com

260 B
5
23.62.61.58:443

www.bing.com

tls

1.0kB
5.1kB
9
11
150.138.188.35:80

img1.jiehun.cn

260 B
5
150.138.188.35:80

img1.jiehun.cn

260 B
5
150.138.188.35:80

img1.jiehun.cn

260 B
5
171.214.23.35:80

img1.jiehun.cn

260 B
5
171.214.23.35:80

img1.jiehun.cn

260 B
5
171.214.23.35:80

img1.jiehun.cn

260 B
5
111.45.11.83:80

hm.baidu.com

260 B
5
111.45.11.83:80

hm.baidu.com

260 B
5
171.214.23.35:80

img1.jiehun.cn

260 B
5
171.214.23.35:80

img1.jiehun.cn

260 B
5
171.214.23.35:80

img1.jiehun.cn

260 B
5
171.214.24.35:80

img1.jiehun.cn

260 B
5
171.214.24.35:80

img1.jiehun.cn

260 B
5
171.214.24.35:80

img1.jiehun.cn

260 B
5
183.240.98.228:80

hm.baidu.com

260 B
5
183.240.98.228:80

hm.baidu.com

260 B
5
171.214.24.35:80

img1.jiehun.cn

260 B
5
171.214.24.35:80

img1.jiehun.cn

260 B
5
171.214.24.35:80

img1.jiehun.cn

260 B
5
175.4.51.35:80

img1.jiehun.cn

260 B
5
175.4.51.35:80

img1.jiehun.cn

260 B
5
175.4.51.35:80

img1.jiehun.cn

260 B
5
14.215.182.140:80

hm.baidu.com

260 B
5
14.215.182.140:80

hm.baidu.com

260 B
5
23.62.61.168:443

www.bing.com

tls

1.2kB
906 B
7
7
175.4.51.35:80

img1.jiehun.cn

260 B
5
175.4.51.35:80

img1.jiehun.cn

260 B
5
175.4.51.35:80

img1.jiehun.cn

260 B
5
182.84.110.35:80

img1.jiehun.cn

260 B
5
182.84.110.35:80

img1.jiehun.cn

260 B
5
182.84.110.35:80

img1.jiehun.cn

260 B
5
182.84.110.35:80
182.84.110.35:80
182.84.110.35:80
125.74.1.35:80
125.74.1.35:80

8.8.8.8:53

159.113.53.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

159.113.53.23.in-addr.arpa
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

13.87.96.169
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
243 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

www.microsoft.com

dns

63 B
1

DNS Request

www.microsoft.com
8.8.8.8:53

www.microsoft.com

dns

63 B
1

DNS Request

www.microsoft.com
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

t.cn

dns

50 B
66 B
1
1

DNS Request

t.cn

DNS Response

39.105.18.168
8.8.8.8:53

t.cn

dns

50 B
112 B
1
1

DNS Request

t.cn
8.8.8.8:53

img1.jiehun.cn

dns

60 B
294 B
1
1

DNS Request

img1.jiehun.cn

DNS Response

182.106.158.35

125.74.110.35

150.138.188.35

171.214.23.35

171.214.24.35

175.4.51.35

182.84.110.35

125.74.1.35

182.140.225.35

183.61.177.35
8.8.8.8:53

img1.jiehun.cn

dns

60 B
60 B
1
1

DNS Request

img1.jiehun.cn
8.8.8.8:53

www.googleadsl.com

dns

64 B
80 B
1
1

DNS Request

www.googleadsl.com

DNS Response

170.178.222.41
8.8.8.8:53

www.googleadsl.com

dns

64 B
64 B
1
1

DNS Request

www.googleadsl.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

184.31.15.35

184.31.15.40
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

169.96.87.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

169.96.87.13.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

121 B
549 B
2
2

DNS Request

www.microsoft.com

DNS Response

2.21.17.194

DNS Request

www.bing.com

DNS Response

23.62.61.168

23.62.61.160

23.62.61.57

23.62.61.155

23.62.61.58

23.62.61.171

23.62.61.194

23.62.61.138

23.62.61.185
8.8.8.8:53

35.15.31.184.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

35.15.31.184.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

194.17.21.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

194.17.21.2.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

23.53.113.225
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
231 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
275 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
214 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

13.89.179.12
8.8.8.8:53

12.179.89.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

12.179.89.13.in-addr.arpa
8.8.8.8:53

hm.baidu.com

dns

58 B
164 B
1
1

DNS Request

hm.baidu.com

DNS Response

14.215.183.79

111.45.3.198

111.45.11.83

183.240.98.228

14.215.182.140
8.8.8.8:53

hm.baidu.com

dns

58 B
141 B
1
1

DNS Request

hm.baidu.com
8.8.8.8:53

www.jiehun.cn

dns

59 B
75 B
1
1

DNS Request

www.jiehun.cn

DNS Response

61.160.251.208
8.8.8.8:53

www.jiehun.cn

dns

59 B
59 B
1
1

DNS Request

www.jiehun.cn
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
333 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.253.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
282 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

hm.baidu.com

dns

58 B
164 B
1
1

DNS Request

hm.baidu.com

DNS Response

111.45.3.198

111.45.11.83

183.240.98.228

14.215.182.140

14.215.183.79
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

58.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

58.61.62.23.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa
8.8.8.8:53

168.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

168.61.62.23.in-addr.arpa
8.8.8.8:53

67.112.168.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

67.112.168.52.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.