ed9e19e032a6b04631f64fb97bdae108763da320db246e36d656a54525b2fba3

Analysis

max time kernel
138s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 08:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad722a367706070f54619652e6006c1b_JaffaCakes118.html
Size

59KB
MD5

ad722a367706070f54619652e6006c1b
SHA1

9176695e8dfc920765682107d1327fb88b38cd46
SHA256

ed9e19e032a6b04631f64fb97bdae108763da320db246e36d656a54525b2fba3
SHA512

0c0389f8a2807aadebb48b7b081698b4c86902d6486446900450e4202c8cd397a0bcbcf09af6fa9d43ddca9daaecfd1b37f9d0cc6630dd94d229281195713e39
SSDEEP

1536:dUqJb8VasiY7ZWozp/oiC/1t/ShktJjwWdiTFyfNWYJlpRwcfUbvpUixMQjRpA3C:/HwZ7p/oiC/7/ShipfpRwcfUmixMQjR5

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ad722a367706070f54619652e6006c1b_JaffaCakes118.html
1⤵
PID:332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3724 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4808 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4816 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5500 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5864 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:1504

Network

DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com

prod-agic-us-1.uksouth.cloudapp.azure.com

IN A

13.87.96.169
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com
DNS

76.234.34.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.234.34.23.in-addr.arpa

IN PTR

Response

76.234.34.23.in-addr.arpa

IN PTR

a23-34-234-76deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.19.217.218
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.19.217.218
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

184.31.15.40

a416.dscd.akamai.net

IN A

184.31.15.35
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

tu.tv

Remote address:

8.8.8.8:53

Request

tu.tv

IN A

Response

tu.tv

IN A

172.67.207.117

tu.tv

IN A

104.21.53.14
DNS

tu.tv

Remote address:

8.8.8.8:53

Request

tu.tv

IN Unknown

Response

tu.tv

IN Unknown

h3h2h5�C�u &G01h5&G02�C�u
DNS

tu.tv

Remote address:

8.8.8.8:53

Request

tu.tv

IN A

Response

tu.tv

IN A

104.21.53.14

tu.tv

IN A

172.67.207.117
DNS

tu.tv

Remote address:

8.8.8.8:53

Request

tu.tv

IN Unknown

Response

tu.tv

IN Unknown

h3h2h5�C�u &G01h5&G02�C�u
DNS

40.15.31.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.15.31.184.in-addr.arpa

IN PTR

Response

40.15.31.184.in-addr.arpa

IN PTR

a184-31-15-40deploystaticakamaitechnologiescom
DNS

218.217.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.217.19.2.in-addr.arpa

IN PTR

Response

218.217.19.2.in-addr.arpa

IN PTR

a2-19-217-218deploystaticakamaitechnologiescom
DNS

14.53.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.53.21.104.in-addr.arpa

IN PTR

Response
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.19.217.218
DNS

uimg.tu.tv

Remote address:

8.8.8.8:53

Request

uimg.tu.tv

IN A

Response
DNS

uimg.tu.tv

Remote address:

8.8.8.8:53

Request

uimg.tu.tv

IN Unknown

Response
DNS

uimg.tu.tv

Remote address:

8.8.8.8:53

Request

uimg.tu.tv

IN A

Response
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

23.34.233.128
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

82.90.14.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.90.14.23.in-addr.arpa

IN PTR

Response

82.90.14.23.in-addr.arpa

IN PTR

a23-14-90-82deploystaticakamaitechnologiescom
DNS

71.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.31.126.40.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdeus15.eastus.cloudapp.azure.com

onedsblobprdeus15.eastus.cloudapp.azure.com

IN A

20.42.73.29
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

20.42.73.29:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Sat, 15 Jun 2024 08:04:21 GMT
DNS

29.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.73.42.20.in-addr.arpa

IN PTR

Response
DNS

vimg.tu.tv

Remote address:

8.8.8.8:53

Request

vimg.tu.tv

IN A

Response
DNS

vimg.tu.tv

Remote address:

8.8.8.8:53

Request

vimg.tu.tv

IN Unknown

Response
DNS

a.hspvst.com

Remote address:

8.8.8.8:53

Request

a.hspvst.com

IN A

Response

a.hspvst.com

IN A

154.58.197.17
DNS

a.hspvst.com

Remote address:

8.8.8.8:53

Request

a.hspvst.com

IN Unknown

Response
DNS

vimg.tu.tv

Remote address:

8.8.8.8:53

Request

vimg.tu.tv

IN A

Response
GET

http://a.hspvst.com/delivery/asyncjs.php

Remote address:

154.58.197.17:80

Request

GET /delivery/asyncjs.php HTTP/1.1
Host: a.hspvst.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sat, 15 Jun 2024 08:04:26 GMT
Server: Apache
Expire: Sat, 15 Jun 2024 09:04:26 GMT
Cache-Control: private, max-age=3600
Keep-Alive: timeout=3, max=1000
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/javascript;charset=UTF-8
DNS

tags.w55c.net

Remote address:

8.8.8.8:53

Request

tags.w55c.net

IN A

Response

tags.w55c.net

IN CNAME

geotags.w55c.net

geotags.w55c.net

IN CNAME

cdn.w55c.net

cdn.w55c.net

IN A

54.77.130.68

cdn.w55c.net

IN A

34.251.19.157

cdn.w55c.net

IN A

34.250.160.0
DNS

tags.w55c.net

Remote address:

8.8.8.8:53

Request

tags.w55c.net

IN Unknown

Response

tags.w55c.net

IN CNAME

geotags.w55c.net

geotags.w55c.net

IN CNAME

cdn.w55c.net
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

17.197.58.154.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.197.58.154.in-addr.arpa

IN PTR

Response

17.197.58.154.in-addr.arpa

IN PTR

staticip-hv4m17 hispavistacom
DNS

14.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.213.58.216.in-addr.arpa

IN PTR

Response

14.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f141e100net

14.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f14�H
DNS

68.130.77.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.130.77.54.in-addr.arpa

IN PTR

Response

68.130.77.54.in-addr.arpa

IN PTR

ec2-54-77-130-68 eu-west-1compute amazonawscom
DNS

a.hspvst.com

Remote address:

8.8.8.8:53

Request

a.hspvst.com

IN A

Response

a.hspvst.com

IN A

154.58.197.17
DNS

a.hspvst.com

Remote address:

8.8.8.8:53

Request

a.hspvst.com

IN Unknown

Response
DNS

a.hspvst.com

Remote address:

8.8.8.8:53

Request

a.hspvst.com

IN A

Response

a.hspvst.com

IN A

154.58.197.17
DNS

a.hspvst.com

Remote address:

8.8.8.8:53

Request

a.hspvst.com

IN A

Response

a.hspvst.com

IN A

154.58.197.17
DNS

a.hspvst.com

Remote address:

8.8.8.8:53

Request

a.hspvst.com

IN Unknown

Response
GET

http://a.hspvst.com/delivery/afr.php?zoneid=18&source=tutv_animales&e=240&e2=2355&ty=000&kw=zelzperrozpatinadorz&kw2=3&cb=1718438666453

Remote address:

154.58.197.17:80

Request

GET /delivery/afr.php?zoneid=18&source=tutv_animales&e=240&e2=2355&ty=000&kw=zelzperrozpatinadorz&kw2=3&cb=1718438666453 HTTP/1.1
Host: a.hspvst.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 503 Service Unavailable

Date: Sat, 15 Jun 2024 08:04:27 GMT
Server: Apache
Last-Modified: Tue, 30 Sep 2014 13:42:51 GMT
Accept-Ranges: bytes
Content-Length: 524
Connection: close
Content-Type: text/html
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

35.15.31.184.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.15.31.184.in-addr.arpa

IN PTR

Response

35.15.31.184.in-addr.arpa

IN PTR

a184-31-15-35deploystaticakamaitechnologiescom
DNS

194.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.61.62.23.in-addr.arpa

IN PTR

Response

194.61.62.23.in-addr.arpa

IN PTR

a23-62-61-194deploystaticakamaitechnologiescom
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

22.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.236.111.52.in-addr.arpa

IN PTR

Response
DNS

137.71.105.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.71.105.51.in-addr.arpa

IN PTR

Response

13.107.6.158:443

business.bing.com

tls

2.4kB
10.2kB
18
24
13.87.96.169:443

nav-edge.smartscreen.microsoft.com

tls

1.0kB
6.8kB
10
10
13.87.96.169:443

nav-edge.smartscreen.microsoft.com

tls

12.8kB
14.3kB
36
37
2.19.217.218:443

www.microsoft.com

tls

2.7kB
22.9kB
26
36
184.31.15.40:443

bzib.nelreports.net

tls

2.6kB
6.0kB
14
15
216.58.213.14:445

www.google-analytics.com

260 B
5
104.21.53.14:443

tu.tv

tls

1.0kB
3.2kB
9
7
104.21.53.14:443

tu.tv

tls

989 B
3.2kB
9
7
104.21.53.14:443

tu.tv

tls

1.0kB
3.2kB
9
7
104.21.53.14:443

tu.tv

tls

1.1kB
3.2kB
9
7
13.107.246.64:443

edgestatic.azureedge.net

tls

86.4kB
4.7MB
1805
3421
13.107.246.64:443

edgestatic.azureedge.net

tls

1.8kB
7.9kB
13
14
13.107.246.64:443

edgestatic.azureedge.net

tls

1.7kB
7.9kB
13
14
216.58.213.14:139

www.google-analytics.com

260 B
5
20.42.73.29:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

4.9kB
7.6kB
13
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
154.58.197.17:80

http://a.hspvst.com/delivery/asyncjs.php

http

721 B
9.2kB
9
11

HTTP Request

GET http://a.hspvst.com/delivery/asyncjs.php

HTTP Response

200
54.77.130.68:443

tags.w55c.net

tls

2.8kB
7.5kB
16
14
54.77.130.68:443

tags.w55c.net

tls

2.7kB
7.5kB
16
14
13.107.246.64:443

edgestatic.azureedge.net

tls

7.8kB
272.4kB
123
213
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.1kB
91.0kB
52
78
154.58.197.17:80

http://a.hspvst.com/delivery/afr.php?zoneid=18&source=tutv_animales&e=240&e2=2355&ty=000&kw=zelzperrozpatinadorz&kw2=3&cb=1718438666453

http

794 B
958 B
5
5

HTTP Request

GET http://a.hspvst.com/delivery/afr.php?zoneid=18&source=tutv_animales&e=240&e2=2355&ty=000&kw=zelzperrozpatinadorz&kw2=3&cb=1718438666453

HTTP Response

503
154.58.197.17:443

a.hspvst.com

tls

1.9kB
4.9kB
9
10
23.62.61.194:443

www.bing.com

tls

1.1kB
5.1kB
9
11
23.62.61.194:443

www.bing.com

tls

1.2kB
906 B
7
7

8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

13.87.96.169
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
243 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

76.234.34.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

76.234.34.23.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.19.217.218
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.19.217.218
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

184.31.15.40

184.31.15.35
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

tu.tv

dns

51 B
83 B
1
1

DNS Request

tu.tv

DNS Response

172.67.207.117

104.21.53.14
8.8.8.8:53

tu.tv

dns

51 B
124 B
1
1

DNS Request

tu.tv
8.8.8.8:53

tu.tv

dns

51 B
83 B
1
1

DNS Request

tu.tv

DNS Response

104.21.53.14

172.67.207.117
8.8.8.8:53

tu.tv

dns

51 B
124 B
1
1

DNS Request

tu.tv
104.21.53.14:443

tu.tv

https

13.1kB
216.0kB
102
230
8.8.8.8:53

40.15.31.184.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

40.15.31.184.in-addr.arpa
8.8.8.8:53

218.217.19.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

218.217.19.2.in-addr.arpa
8.8.8.8:53

14.53.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

14.53.21.104.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.19.217.218
8.8.8.8:53

uimg.tu.tv

dns

56 B
118 B
1
1

DNS Request

uimg.tu.tv
8.8.8.8:53

uimg.tu.tv

dns

56 B
118 B
1
1

DNS Request

uimg.tu.tv
8.8.8.8:53

uimg.tu.tv

dns

56 B
118 B
1
1

DNS Request

uimg.tu.tv
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
231 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
275 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

23.34.233.128
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

82.90.14.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

82.90.14.23.in-addr.arpa
8.8.8.8:53

71.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

71.31.126.40.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
211 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

20.42.73.29
8.8.8.8:53

29.73.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

29.73.42.20.in-addr.arpa
8.8.8.8:53

vimg.tu.tv

dns

56 B
118 B
1
1

DNS Request

vimg.tu.tv
8.8.8.8:53

vimg.tu.tv

dns

56 B
118 B
1
1

DNS Request

vimg.tu.tv
8.8.8.8:53

a.hspvst.com

dns

58 B
74 B
1
1

DNS Request

a.hspvst.com

DNS Response

154.58.197.17
8.8.8.8:53

a.hspvst.com

dns

58 B
122 B
1
1

DNS Request

a.hspvst.com
8.8.8.8:53

vimg.tu.tv

dns

56 B
118 B
1
1

DNS Request

vimg.tu.tv
8.8.8.8:53

tags.w55c.net

dns

59 B
147 B
1
1

DNS Request

tags.w55c.net

DNS Response

54.77.130.68

34.251.19.157

34.250.160.0
8.8.8.8:53

tags.w55c.net

dns

59 B
180 B
1
1

DNS Request

tags.w55c.net
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
251 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
282 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

17.197.58.154.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

17.197.58.154.in-addr.arpa
8.8.8.8:53

14.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

14.213.58.216.in-addr.arpa
8.8.8.8:53

68.130.77.54.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

68.130.77.54.in-addr.arpa
8.8.8.8:53

a.hspvst.com

dns

58 B
74 B
1
1

DNS Request

a.hspvst.com

DNS Response

154.58.197.17
8.8.8.8:53

a.hspvst.com

dns

58 B
122 B
1
1

DNS Request

a.hspvst.com
8.8.8.8:53

a.hspvst.com

dns

58 B
74 B
1
1

DNS Request

a.hspvst.com

DNS Response

154.58.197.17
8.8.8.8:53

a.hspvst.com

dns

58 B
74 B
1
1

DNS Request

a.hspvst.com

DNS Response

154.58.197.17
8.8.8.8:53

a.hspvst.com

dns

58 B
122 B
1
1

DNS Request

a.hspvst.com
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

35.15.31.184.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

35.15.31.184.in-addr.arpa
8.8.8.8:53

194.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

194.61.62.23.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

22.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.236.111.52.in-addr.arpa
8.8.8.8:53

137.71.105.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

137.71.105.51.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request