da189beac71e1d0ec77f750919ecb619b941e24a43b4574bd0babe379bada816

Analysis

max time kernel
128s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 05:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eab347c65c9bc0bdfac8eefc174f2aa7_JaffaCakes118.html
Size

77KB
MD5

eab347c65c9bc0bdfac8eefc174f2aa7
SHA1

7ba70a2a6b347414cb3d784225f5a98fbd37fe8b
SHA256

da189beac71e1d0ec77f750919ecb619b941e24a43b4574bd0babe379bada816
SHA512

9f9a9be779666f40853286715003864cd6c0a6c6022e43659291f147474c7405205ee85f6f0ab115f0f702057ffe421490d2d049a0d8aa272b67f750309092f9
SSDEEP

1536:S5YDhRfST8yW+JKCujGbc9kzILW8nQDuLweDGO:SOffS/bhcDN

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\eab347c65c9bc0bdfac8eefc174f2aa7_JaffaCakes118.html
1⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1336,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:1
1⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3864,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:1
1⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5408,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=1296 /prefetch:8
1⤵
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=3340,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
1⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5792,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:1
1⤵
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5972,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:1
1⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5436,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
1⤵
PID:2256

Network

DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

informpromo.com

Remote address:

8.8.8.8:53

Request

informpromo.com

IN A

Response
DNS

informpromo.com

Remote address:

8.8.8.8:53

Request

informpromo.com

IN Unknown

Response
DNS

static.generalfil.es

Remote address:

8.8.8.8:53

Request

static.generalfil.es

IN A

Response
DNS

static.generalfil.es

Remote address:

8.8.8.8:53

Request

static.generalfil.es

IN Unknown

Response
DNS

static.general-community.com

Remote address:

8.8.8.8:53

Request

static.general-community.com

IN A

Response
DNS

static.general-community.com

Remote address:

8.8.8.8:53

Request

static.general-community.com

IN Unknown

Response
DNS

static.generalfil.es

Remote address:

8.8.8.8:53

Request

static.generalfil.es

IN A

Response
DNS

informpromo.com

Remote address:

8.8.8.8:53

Request

informpromo.com

IN A

Response
DNS

static.generalfil.es

Remote address:

8.8.8.8:53

Request

static.generalfil.es

IN A

Response
DNS

static.generalfil.es

Remote address:

8.8.8.8:53

Request

static.generalfil.es

IN Unknown

Response
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

23.73.139.27

a416.dscd.akamai.net

IN A

23.73.139.50
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

s7.addthis.com

Remote address:

8.8.8.8:53

Request

s7.addthis.com

IN A

Response

s7.addthis.com

IN CNAME

s8.addthis.com

s8.addthis.com

IN CNAME

ds-s7.addthis.com.edgekey.net

ds-s7.addthis.com.edgekey.net

IN CNAME

e4016.a.akamaiedge.net

e4016.a.akamaiedge.net

IN A

2.18.109.243
DNS

s7.addthis.com

Remote address:

8.8.8.8:53

Request

s7.addthis.com

IN Unknown

Response

s7.addthis.com

IN CNAME

s8.addthis.com

s8.addthis.com

IN CNAME

ds-s7.addthis.com.edgekey.net

ds-s7.addthis.com.edgekey.net

IN CNAME

e4016.a.akamaiedge.net
GET

http://s7.addthis.com/js/250/addthis_widget.js

Remote address:

2.18.109.243:80

Request

GET /js/250/addthis_widget.js HTTP/1.1
Host: s7.addthis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 308 Permanent Redirect

Server: nginx/1.15.8
Content-Type: text/html
Content-Length: 171
Location: https://s7.addthis.com/js/250/addthis_widget.js
Date: Thu, 19 Sep 2024 05:49:09 GMT
Connection: keep-alive
X-Distribution: 99
X-Host: s7.addthis.com
DNS

s7.addthis.com

Remote address:

8.8.8.8:53

Request

s7.addthis.com

IN A

Response

s7.addthis.com

IN CNAME

s8.addthis.com

s8.addthis.com

IN CNAME

ds-s7.addthis.com.edgekey.net

ds-s7.addthis.com.edgekey.net

IN CNAME

e4016.a.akamaiedge.net

e4016.a.akamaiedge.net

IN A

2.18.109.243
DNS

s7.addthis.com

Remote address:

8.8.8.8:53

Request

s7.addthis.com

IN Unknown

Response

s7.addthis.com

IN CNAME

s8.addthis.com

s8.addthis.com

IN CNAME

ds-s7.addthis.com.edgekey.net

ds-s7.addthis.com.edgekey.net

IN CNAME

e4016.a.akamaiedge.net
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

27.139.73.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.139.73.23.in-addr.arpa

IN PTR

Response

27.139.73.23.in-addr.arpa

IN PTR

a23-73-139-27deploystaticakamaitechnologiescom
DNS

243.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

243.109.18.2.in-addr.arpa

IN PTR

Response

243.109.18.2.in-addr.arpa

IN PTR

a2-18-109-243deploystaticakamaitechnologiescom
DNS

static.general-community.com

Remote address:

8.8.8.8:53

Request

static.general-community.com

IN Unknown

Response
DNS

static.general-community.com

Remote address:

8.8.8.8:53

Request

static.general-community.com

IN A

Response
DNS

static.general-community.com

Remote address:

8.8.8.8:53

Request

static.general-community.com

IN A

Response
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

static.generalfil.es

Remote address:

8.8.8.8:53

Request

static.generalfil.es

IN A

Response
DNS

static.generalfil.es

Remote address:

8.8.8.8:53

Request

static.generalfil.es

IN Unknown

Response
DNS

cookies.ambercrow.com

Remote address:

8.8.8.8:53

Request

cookies.ambercrow.com

IN A

Response
DNS

cookies.ambercrow.com

Remote address:

8.8.8.8:53

Request

cookies.ambercrow.com

IN Unknown

Response
DNS

www.bnserving.com

Remote address:

8.8.8.8:53

Request

www.bnserving.com

IN A

Response

www.bnserving.com

IN A

192.243.61.225

www.bnserving.com

IN A

192.243.59.12

www.bnserving.com

IN A

192.243.59.13

www.bnserving.com

IN A

192.243.59.20

www.bnserving.com

IN A

192.243.61.227
DNS

www.bnserving.com

Remote address:

8.8.8.8:53

Request

www.bnserving.com

IN Unknown

Response
DNS

cookies.ambercrow.com

Remote address:

8.8.8.8:53

Request

cookies.ambercrow.com

IN A

Response
GET

http://www.bnserving.com/invoke.js

Remote address:

192.243.61.225:80

Request

GET /invoke.js HTTP/1.1
Host: www.bnserving.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx/1.21.6
Date: Thu, 19 Sep 2024 05:49:11 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 94030e49c34af5c791087603ab4620fd
Cache-Control: max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN Unknown

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

35.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.151.70.163.in-addr.arpa

IN PTR

Response

35.151.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-02-lhr6facebookcom
DNS

225.61.243.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.61.243.192.in-addr.arpa

IN PTR

Response
DNS

static.xx.fbcdn.net

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.27.27
DNS

static.xx.fbcdn.net

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN Unknown

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN Unknown

h2h3

scontent.xx.fbcdn.net

IN Unknown

scontentfallbackxxfbcdnneth2h3
DNS

scontent.xx.fbcdn.net

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN A

Response

scontent.xx.fbcdn.net

IN A

157.240.27.27
DNS

scontent.xx.fbcdn.net

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN Unknown

Response

scontent.xx.fbcdn.net

IN Unknown

scontentfallbackxxfbcdnneth2h3

scontent.xx.fbcdn.net

IN Unknown

h2h3
DNS

external.xx.fbcdn.net

Remote address:

8.8.8.8:53

Request

external.xx.fbcdn.net

IN A

Response

external.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.27.27
DNS

external.xx.fbcdn.net

Remote address:

8.8.8.8:53

Request

external.xx.fbcdn.net

IN Unknown

Response

external.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN Unknown

scontentfallbackxxfbcdnneth2h3

scontent.xx.fbcdn.net

IN Unknown

h2h3
DNS

27.27.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.27.240.157.in-addr.arpa

IN PTR

Response

27.27.240.157.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-dus1fbcdnnet
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

26.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.135.221.88.in-addr.arpa

IN PTR

Response

26.135.221.88.in-addr.arpa

IN PTR

a88-221-135-26deploystaticakamaitechnologiescom
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

197.87.175.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.87.175.4.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

33.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.135.221.88.in-addr.arpa

IN PTR

Response

33.135.221.88.in-addr.arpa

IN PTR

a88-221-135-33deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response

13.107.6.158:443

business.bing.com

tls

3.9kB
10.2kB
19
24
23.73.139.27:443

bzib.nelreports.net

tls

2.8kB
5.4kB
12
14
2.18.109.243:80

http://s7.addthis.com/js/250/addthis_widget.js

http

635 B
726 B
7
6

HTTP Request

GET http://s7.addthis.com/js/250/addthis_widget.js

HTTP Response

308
2.18.109.243:443

s7.addthis.com

tls

3.1kB
6.8kB
17
22
192.243.61.225:80

http://www.bnserving.com/invoke.js

http

672 B
983 B
6
5

HTTP Request

GET http://www.bnserving.com/invoke.js

HTTP Response

200
163.70.151.35:443

www.facebook.com

tls

2.3kB
3.1kB
10
9
163.70.151.35:443

www.facebook.com

tls

5.8kB
42.8kB
35
51
142.250.200.14:445

www.google-analytics.com

260 B
5
157.240.27.27:443

external.xx.fbcdn.net

tls

5.0kB
15.9kB
29
35
142.250.200.14:139

www.google-analytics.com

260 B
5
88.221.135.33:443

www.bing.com

tls

2.3kB
5.2kB
10
12

8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

informpromo.com

dns

61 B
134 B
1
1

DNS Request

informpromo.com
8.8.8.8:53

informpromo.com

dns

61 B
134 B
1
1

DNS Request

informpromo.com
8.8.8.8:53

static.generalfil.es

dns

66 B
121 B
1
1

DNS Request

static.generalfil.es
8.8.8.8:53

static.generalfil.es

dns

66 B
121 B
1
1

DNS Request

static.generalfil.es
8.8.8.8:53

static.general-community.com

dns

74 B
74 B
1
1

DNS Request

static.general-community.com
8.8.8.8:53

static.general-community.com

dns

74 B
74 B
1
1

DNS Request

static.general-community.com
8.8.8.8:53

static.generalfil.es

dns

66 B
121 B
1
1

DNS Request

static.generalfil.es
8.8.8.8:53

informpromo.com

dns

61 B
134 B
1
1

DNS Request

informpromo.com
8.8.8.8:53

static.generalfil.es

dns

66 B
121 B
1
1

DNS Request

static.generalfil.es
8.8.8.8:53

static.generalfil.es

dns

66 B
121 B
1
1

DNS Request

static.generalfil.es
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

23.73.139.27

23.73.139.50
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

s7.addthis.com

dns

60 B
169 B
1
1

DNS Request

s7.addthis.com

DNS Response

2.18.109.243
8.8.8.8:53

s7.addthis.com

dns

60 B
211 B
1
1

DNS Request

s7.addthis.com
8.8.8.8:53

s7.addthis.com

dns

60 B
169 B
1
1

DNS Request

s7.addthis.com

DNS Response

2.18.109.243
8.8.8.8:53

s7.addthis.com

dns

60 B
211 B
1
1

DNS Request

s7.addthis.com
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

27.139.73.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

27.139.73.23.in-addr.arpa
8.8.8.8:53

243.109.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

243.109.18.2.in-addr.arpa
8.8.8.8:53

static.general-community.com

dns

74 B
74 B
1
1

DNS Request

static.general-community.com
8.8.8.8:53

static.general-community.com

dns

74 B
74 B
1
1

DNS Request

static.general-community.com
8.8.8.8:53

static.general-community.com

dns

74 B
74 B
1
1

DNS Request

static.general-community.com
8.8.8.8:53

133.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

133.32.126.40.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

static.generalfil.es

dns

66 B
121 B
1
1

DNS Request

static.generalfil.es
8.8.8.8:53

static.generalfil.es

dns

66 B
121 B
1
1

DNS Request

static.generalfil.es
8.8.8.8:53

cookies.ambercrow.com

dns

67 B
135 B
1
1

DNS Request

cookies.ambercrow.com
8.8.8.8:53

cookies.ambercrow.com

dns

67 B
135 B
1
1

DNS Request

cookies.ambercrow.com
8.8.8.8:53

www.bnserving.com

dns

63 B
143 B
1
1

DNS Request

www.bnserving.com

DNS Response

192.243.61.225

192.243.59.12

192.243.59.13

192.243.59.20

192.243.61.227
8.8.8.8:53

www.bnserving.com

dns

63 B
129 B
1
1

DNS Request

www.bnserving.com
8.8.8.8:53

cookies.ambercrow.com

dns

67 B
135 B
1
1

DNS Request

cookies.ambercrow.com
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

www.facebook.com

dns

62 B
136 B
1
1

DNS Request

www.facebook.com
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

35.151.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.151.70.163.in-addr.arpa
8.8.8.8:53

225.61.243.192.in-addr.arpa

dns

73 B
153 B
1
1

DNS Request

225.61.243.192.in-addr.arpa
8.8.8.8:53

static.xx.fbcdn.net

dns

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

157.240.27.27
8.8.8.8:53

static.xx.fbcdn.net

dns

65 B
169 B
1
1

DNS Request

static.xx.fbcdn.net
8.8.8.8:53

scontent.xx.fbcdn.net

dns

67 B
83 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

157.240.27.27
8.8.8.8:53

scontent.xx.fbcdn.net

dns

67 B
148 B
1
1

DNS Request

scontent.xx.fbcdn.net
8.8.8.8:53

external.xx.fbcdn.net

dns

67 B
106 B
1
1

DNS Request

external.xx.fbcdn.net

DNS Response

157.240.27.27
8.8.8.8:53

external.xx.fbcdn.net

dns

67 B
171 B
1
1

DNS Request

external.xx.fbcdn.net
157.240.27.27:443

external.xx.fbcdn.net

https

11.3kB
324.6kB
99
287
157.240.27.27:443

external.xx.fbcdn.net

https

3.1kB
4.5kB
7
9
8.8.8.8:53

27.27.240.157.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

27.27.240.157.in-addr.arpa
88.221.135.26:443

www.bing.com

https

4.3kB
6.7kB
9
13
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

26.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

26.135.221.88.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

197.87.175.4.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

197.87.175.4.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

33.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

33.135.221.88.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request