19c0e424be013094881f9fadf92e37581fe420e1de77643267ceeb43bb9e1892

Analysis

max time kernel
134s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 08:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d7f5ee1e23c75eeeebcec4160e374fb_JaffaCakes118.html
Size

17KB
MD5

8d7f5ee1e23c75eeeebcec4160e374fb
SHA1

be60d801b19116f468b6283c94f1e40887082da1
SHA256

19c0e424be013094881f9fadf92e37581fe420e1de77643267ceeb43bb9e1892
SHA512

f3b08bcc359f4b1e953a3a7fc1dbdff15e1cac1e04fa9b70ed8a736cbdc799cc8150b1a8d01c97bcda162333a99921868dfa6aa407e5e802c70c63807b024d2e
SSDEEP

384:7Ri/Tgpi/ojR4OonuARsSqIpJakaj3zzE4fWywzIKAASIFukX04QfkU3e:UU0QjR4OonDs1FfWywzIKAASIFukX04H

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d7f5ee1e23c75eeeebcec4160e374fb_JaffaCakes118.html
1⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4020,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:1
1⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4904,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:1
1⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5280,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
1⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5340,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
1⤵
PID:3412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5472,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
1⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6024,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:1
1⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5800,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8
1⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5988,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:8
1⤵
PID:3140

Network

DNS

api.edgeoffer.microsoft.com

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN A

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

ssl.bingadsedgeextension-prod-europe.azurewebsites.net

IN A

94.245.104.56
DNS

api.edgeoffer.microsoft.com

Remote address:

8.8.8.8:53

Request

api.edgeoffer.microsoft.com

IN Unknown

Response

api.edgeoffer.microsoft.com

IN CNAME

bingadsedgeextension-prod.trafficmanager.net

bingadsedgeextension-prod.trafficmanager.net

IN CNAME

bingadsedgeextension-prod-europe.azurewebsites.net

bingadsedgeextension-prod-europe.azurewebsites.net

IN CNAME

ssl.bingadsedgeextension-prod-europe.azurewebsites.net
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN A

Response
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN Unknown

Response
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

104.91.71.140

a416.dscd.akamai.net

IN A

104.91.71.133
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

savvyweb.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

savvyweb.s3.amazonaws.com

IN A

Response

savvyweb.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com

s3-w.us-east-1.amazonaws.com

IN A

52.217.225.41

s3-w.us-east-1.amazonaws.com

IN A

52.217.203.113

s3-w.us-east-1.amazonaws.com

IN A

52.217.33.180

s3-w.us-east-1.amazonaws.com

IN A

52.217.207.105

s3-w.us-east-1.amazonaws.com

IN A

52.217.204.121

s3-w.us-east-1.amazonaws.com

IN A

3.5.28.170

s3-w.us-east-1.amazonaws.com

IN A

52.216.53.153

s3-w.us-east-1.amazonaws.com

IN A

52.216.95.51
DNS

savvyweb.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

savvyweb.s3.amazonaws.com

IN Unknown

Response

savvyweb.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com
GET

http://savvyweb.s3.amazonaws.com/savvyapt_wbounce.png

Remote address:

52.217.225.41:80

Request

GET /savvyapt_wbounce.png HTTP/1.1
Host: savvyweb.s3.amazonaws.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

x-amz-request-id: 1Z56JAS3100HV35H
x-amz-id-2: M7RKGHoLtIR3ApoqaW6rvpx1AkaFDx69f/0160MUEdIxNGbiQO4O8toM07yV7iaMo0FvSv+u/d4=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Sun, 02 Jun 2024 08:45:16 GMT
Server: AmazonS3
GET

http://fonts.googleapis.com/css?family=Rock+Salt%3Aregular&subset=latin&ver=4.7.5

Remote address:

142.250.187.202:80

Request

GET /css?family=Rock+Salt%3Aregular&subset=latin&ver=4.7.5 HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 02 Jun 2024 08:45:17 GMT
Date: Sun, 02 Jun 2024 08:45:17 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Sun, 02 Jun 2024 08:45:17 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

http://fonts.googleapis.com/css?family=Old+Standard+TT%3A400%2C400italic%2C700&subset=latin%2Clatin-ext&ver=4.7.5

Remote address:

142.250.187.202:80

Request

GET /css?family=Old+Standard+TT%3A400%2C400italic%2C700&subset=latin%2Clatin-ext&ver=4.7.5 HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sun, 02 Jun 2024 08:45:17 GMT
Date: Sun, 02 Jun 2024 08:45:17 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Sun, 02 Jun 2024 08:45:17 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN A

Response
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN A

Response
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN Unknown

Response
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN A

Response
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN Unknown

Response
GET

http://fonts.gstatic.com/s/rocksalt/v22/MwQ0bhv11fWD6QsAVOZrt0M6.woff2

Remote address:

216.58.201.99:80

Request

GET /s/rocksalt/v22/MwQ0bhv11fWD6QsAVOZrt0M6.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 58668
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 01 Jun 2024 13:54:32 GMT
Expires: Sun, 01 Jun 2025 13:54:32 GMT
Cache-Control: public, max-age=31536000
Age: 67845
Last-Modified: Thu, 24 Aug 2023 20:18:25 GMT
Content-Type: font/woff2
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN A

Response
DNS

greenearthterrarium.com

Remote address:

8.8.8.8:53

Request

greenearthterrarium.com

IN Unknown

Response
DNS

www.savvy-data.us

Remote address:

8.8.8.8:53

Request

www.savvy-data.us

IN A

Response
DNS

www.savvy-data.us

Remote address:

8.8.8.8:53

Request

www.savvy-data.us

IN Unknown

Response
DNS

www.savvy-data.us

Remote address:

8.8.8.8:53

Request

www.savvy-data.us

IN A

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com

prod-agic-us-2.uksouth.cloudapp.azure.com

IN A

172.165.69.228
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

56.104.245.94.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.104.245.94.in-addr.arpa

IN PTR

Response
DNS

164.189.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.189.21.2.in-addr.arpa

IN PTR

Response

164.189.21.2.in-addr.arpa

IN PTR

a2-21-189-164deploystaticakamaitechnologiescom
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

41.225.217.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.225.217.52.in-addr.arpa

IN PTR

Response

41.225.217.52.in-addr.arpa

IN PTR

s3-1-w amazonawscom
DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

194.17.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.17.21.2.in-addr.arpa

IN PTR

Response

194.17.21.2.in-addr.arpa

IN PTR

a2-21-17-194deploystaticakamaitechnologiescom
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f31e100net

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�G

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f99�G
DNS

140.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.71.91.104.in-addr.arpa

IN PTR

Response

140.71.91.104.in-addr.arpa

IN PTR

a104-91-71-140deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

2.21.189.233
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

228.69.165.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.69.165.172.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

18.24.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.24.18.2.in-addr.arpa

IN PTR

Response

18.24.18.2.in-addr.arpa

IN PTR

a2-18-24-18deploystaticakamaitechnologiescom
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
GET

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.194:443

Request

GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Sun, 02 Jun 2024 08:45:19 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.7d3d3e17.1717317919.169a9e28
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

72.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.61.62.23.in-addr.arpa

IN PTR

Response

72.61.62.23.in-addr.arpa

IN PTR

a23-62-61-72deploystaticakamaitechnologiescom
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

155.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.61.62.23.in-addr.arpa

IN PTR

Response

155.61.62.23.in-addr.arpa

IN PTR

a23-62-61-155deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5089A39066914AF19D59914DB64B9BA5 Ref B: LON04EDGE1112 Ref C: 2024-06-02T08:46:58Z
date: Sun, 02 Jun 2024 08:46:57 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DEF753A61CDF4385B4B743FB91D2AE21 Ref B: LON04EDGE1112 Ref C: 2024-06-02T08:46:58Z
date: Sun, 02 Jun 2024 08:46:57 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet

94.245.104.56:443

api.edgeoffer.microsoft.com

tls

3.6kB
7.5kB
14
15
13.107.6.158:443

business.bing.com

tls

3.4kB
9.8kB
19
23
104.91.71.140:443

bzib.nelreports.net

tls

2.3kB
5.0kB
11
13
52.217.225.41:80

http://savvyweb.s3.amazonaws.com/savvyapt_wbounce.png

http

709 B
1.1kB
7
6

HTTP Request

GET http://savvyweb.s3.amazonaws.com/savvyapt_wbounce.png

HTTP Response

404
142.250.187.202:80

http://fonts.googleapis.com/css?family=Rock+Salt%3Aregular&subset=latin&ver=4.7.5

http

685 B
1.2kB
7
7

HTTP Request

GET http://fonts.googleapis.com/css?family=Rock+Salt%3Aregular&subset=latin&ver=4.7.5

HTTP Response

200
142.250.187.202:80

http://fonts.googleapis.com/css?family=Old+Standard+TT%3A400%2C400italic%2C700&subset=latin%2Clatin-ext&ver=4.7.5

http

717 B
1.6kB
7
7

HTTP Request

GET http://fonts.googleapis.com/css?family=Old+Standard+TT%3A400%2C400italic%2C700&subset=latin%2Clatin-ext&ver=4.7.5

HTTP Response

200
216.58.201.99:80

http://fonts.gstatic.com/s/rocksalt/v22/MwQ0bhv11fWD6QsAVOZrt0M6.woff2

http

1.7kB
61.4kB
28
49

HTTP Request

GET http://fonts.gstatic.com/s/rocksalt/v22/MwQ0bhv11fWD6QsAVOZrt0M6.woff2

HTTP Response

200
2.21.17.194:443

www.microsoft.com

tls

4.1kB
23.3kB
27
36
104.91.71.140:443

bzib.nelreports.net

tls

3.7kB
6.1kB
13
16
172.165.69.228:443

nav-edge.smartscreen.microsoft.com

tls

2.5kB
7.5kB
12
12
172.165.69.228:443

nav-edge.smartscreen.microsoft.com

tls

11.9kB
12.9kB
32
33
13.107.246.64:443

edgestatic.azureedge.net

tls

3.2kB
8.1kB
16
17
13.107.246.64:443

edgestatic.azureedge.net

tls

3.0kB
7.8kB
13
14
13.107.246.64:443

edgestatic.azureedge.net

tls

121.5kB
6.0MB
2474
4328
13.107.246.64:443

edgestatic.azureedge.net

tls

9.4kB
274.9kB
125
217
13.107.246.64:443

wcpstatic.microsoft.com

tls

5.5kB
91.1kB
53
80
23.62.61.194:443

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.4kB
6.4kB
16
13

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
23.62.61.72:443

www.bing.com

tls

2.3kB
5.2kB
10
12
23.62.61.155:443

www.bing.com

tls

2.5kB
986 B
9
9
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

32.9kB
886.3kB
657
654

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
13

8.8.8.8:53

api.edgeoffer.microsoft.com

dns

73 B
226 B
1
1

DNS Request

api.edgeoffer.microsoft.com

DNS Response

94.245.104.56
8.8.8.8:53

api.edgeoffer.microsoft.com

dns

73 B
271 B
1
1

DNS Request

api.edgeoffer.microsoft.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

104.91.71.140

104.91.71.133
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

savvyweb.s3.amazonaws.com

dns

71 B
249 B
1
1

DNS Request

savvyweb.s3.amazonaws.com

DNS Response

52.217.225.41

52.217.203.113

52.217.33.180

52.217.207.105

52.217.204.121

3.5.28.170

52.216.53.153

52.216.95.51
8.8.8.8:53

savvyweb.s3.amazonaws.com

dns

71 B
199 B
1
1

DNS Request

savvyweb.s3.amazonaws.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

greenearthterrarium.com

dns

69 B
142 B
1
1

DNS Request

greenearthterrarium.com
8.8.8.8:53

www.savvy-data.us

dns

63 B
126 B
1
1

DNS Request

www.savvy-data.us
8.8.8.8:53

www.savvy-data.us

dns

63 B
126 B
1
1

DNS Request

www.savvy-data.us
8.8.8.8:53

www.savvy-data.us

dns

63 B
126 B
1
1

DNS Request

www.savvy-data.us
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

172.165.69.228
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
243 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

56.104.245.94.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

56.104.245.94.in-addr.arpa
8.8.8.8:53

164.189.21.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

164.189.21.2.in-addr.arpa
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

41.225.217.52.in-addr.arpa

dns

72 B
106 B
1
1

DNS Request

41.225.217.52.in-addr.arpa
8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

194.17.21.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

194.17.21.2.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

140.71.91.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

140.71.91.104.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
231 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
275 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

2.21.189.233
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

228.69.165.172.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.69.165.172.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

18.24.18.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

18.24.18.2.in-addr.arpa
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.246.107.13.in-addr.arpa
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
251 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
282 B
1
1

DNS Request

wcpstatic.microsoft.com
224.0.0.251:5353

204 B
3
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

72.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

72.61.62.23.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.236.111.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

155.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

155.61.62.23.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request