Malware Analysis Report

2025-04-14 02:03

Sample ID 240603-mqx3habf6z
Target 917a51fe2239c63d4694cc563539f6ae_JaffaCakes118
SHA256 c2a49ec6835843a7c61b2386f1de8796d0efd6d5a17c79447239403c8b160187
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

c2a49ec6835843a7c61b2386f1de8796d0efd6d5a17c79447239403c8b160187

Threat Level: No (potentially) malicious behavior was detected

The file 917a51fe2239c63d4694cc563539f6ae_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:40

Reported

2024-06-03 10:43

Platform

win7-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\917a51fe2239c63d4694cc563539f6ae_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423573117" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDFE9AB1-2195-11EF-965F-FA9381F5F0AB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\917a51fe2239c63d4694cc563539f6ae_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1264 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 medxwaste.com udp
US 8.8.8.8:53 secure.gravatar.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 img1.wsimg.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
SE 92.123.135.91:443 img1.wsimg.com tcp
SE 92.123.135.91:443 img1.wsimg.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 8.8.8.8:53 ocsp.starfieldtech.com udp
US 8.8.8.8:53 ocsp.starfieldtech.com udp
US 192.124.249.36:80 ocsp.starfieldtech.com tcp
US 192.124.249.36:80 ocsp.starfieldtech.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2D2E.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2D32.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\Cab2DE7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2DE9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee41f7673345b3cb44d974a0ff71d98d
SHA1 4eb844d42c5f07d762a92857e411f37bc67698f1
SHA256 deaa44589a6abc76b8daafb2235c23130cd44970e3881ffe8d0f3c8afb64d6a5
SHA512 5d7ad9709105000cbb96032ec7367cc0c4378feab1c000578d5a2af922e1110f1b5578a149f26cb9868a2c9f0b26a562f7f33f76122c54ae3666073d86a21f5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01671028e0e0c4f11e4adbe47e492468
SHA1 525f46fea9f443cbd7ceb29ce7b45b107da496f1
SHA256 b1eaab4557c43c931d85dbc522e1a6b3938cc0585cfc8e0f16d26ecb45fbaabc
SHA512 5238c8df8bdce8767b696e970872521bdc64ec5078af49682038e20bbb36b3ee77b1ae8db40d5f3bc80e8ccfe8111dc3ae2145a9d2bac89f127bf34e116042fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa2fed593fd5c09f10d8879b2142cd8c
SHA1 c7543a812ca2ca8a22d584871edd91c39b0f4811
SHA256 bd9af0740c42019224b93bf5af88caccb1e92d9e3894d5904817c9ba14dfd9c9
SHA512 95437be3a8fd3d9d501cce9cf793a0ae01ee20caced50163225c0e5b52d70374847dfe457a84efe3f430ead08d511225ec4c04d4f049a02173076d43a415b47b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61e4be5656fcef579fb757a32b81249f
SHA1 df49b13fa7588d1314bb7c628ccbfae747407457
SHA256 aebd16b829e916a7de5366cac5969e1b6a989d9d1eecd7c66ebb949c61c4be76
SHA512 27183b978dc09c0e04ff54d1d3a30a1d56adfdaf9550bd205a54fba87d4111777cc69c5a6ca5ff9d7614500b2a0c29fee873b50db753603ceb597be34e6bb6a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1609b9359a35861146ceef1069304c5
SHA1 7cf04c70b0991be8880631b18697ad57fec2606a
SHA256 e949addeeb7bdd16b3a8e5797d0c7a00fd769513dbb39a38c040c37b0d56ad7f
SHA512 c3681f11a859caaa0d3f0251690480bfcad0397f17774c89251b5e0d57732f2e0a30a988fe06358b4fa6c7d0c7954ef58f9998d480b77d4da80653f1b4c37045

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd95f6282e2710c6a99bd459287f950a
SHA1 41fa882531e09f982625b056a648e6824fd925be
SHA256 801ae65c27876e7a8246d2266377e0abef87cac3e2a3141135f9e453a6db1526
SHA512 f419368b367b66da8b5ef9f98e69848d8a55eff3620b2bc6ecaeeb8fda78ffe2956325aa6bc923fb4d2ee10533c63e4b3d63a7fe0dcba5c07a725ecb49c2f155

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:40

Reported

2024-06-03 10:43

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\917a51fe2239c63d4694cc563539f6ae_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\917a51fe2239c63d4694cc563539f6ae_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4404,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3744,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5160,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5424,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5444,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4264,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6940,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.134:443 bzib.nelreports.net tcp
US 8.8.8.8:53 medxwaste.com udp
US 8.8.8.8:53 medxwaste.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
BE 23.55.97.181:443 www.microsoft.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 secure.gravatar.com udp
US 8.8.8.8:53 secure.gravatar.com udp
US 8.8.8.8:53 img1.wsimg.com udp
US 8.8.8.8:53 img1.wsimg.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 192.0.73.2:443 secure.gravatar.com tcp
GB 216.58.213.14:445 www.google-analytics.com tcp
SE 92.123.135.91:443 img1.wsimg.com tcp
GB 216.58.213.14:139 www.google-analytics.com tcp
US 8.8.8.8:53 32.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 91.135.123.92.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 166.62.74.224:80 medxwaste.com tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 166.62.74.224:80 medxwaste.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:445 pixel.wp.com tcp
US 8.8.8.8:53 pixel.wp.com udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 events.api.secureserver.net udp
US 8.8.8.8:53 events.api.secureserver.net udp
NL 23.62.61.123:443 events.api.secureserver.net tcp
NL 23.62.61.123:443 events.api.secureserver.net tcp
US 8.8.8.8:53 csp.secureserver.net udp
US 8.8.8.8:53 csp.secureserver.net udp
BE 104.68.78.107:443 csp.secureserver.net tcp
BE 104.68.78.107:443 csp.secureserver.net tcp
US 8.8.8.8:53 123.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 107.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A