Analysis Overview
SHA256
58156d168041ad359f923505b63dc321d261187a82b62c65b8fd86a8e1009ed9
Threat Level: No (potentially) malicious behavior was detected
The file 91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:57
Reported
2024-06-03 12:59
Platform
win7-20240508-en
Max time kernel
138s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c2200bc75ea57e17fd188da517b9c28ed7f5e12296986f0ee17504d5c053f5f3000000000e80000000020000200000000f00c7267d4eb9b4f9f664a8dc834a855059b681779120b941c9fd4737f847a120000000d6c4c16342d13902253f4859a3aa3fc3511389d785a7206d53b7de088fa237a04000000040ec8d247c72712174e7e6ce0e444614c9b46256f2a1e4c5eedcffdda9042b2c9bb192d59ee0150e087b2127c2b3410fd249f8e05cc1cfff893bc21e38c06ae5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581293" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a734dbb5b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C7498FE1-21A8-11EF-A9A6-4658C477BD5D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1724 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.ihow.cn | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| HK | 36.51.224.126:80 | service.t.sina.com.cn | tcp |
| HK | 36.51.224.126:80 | service.t.sina.com.cn | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| HK | 36.51.224.126:443 | widget.weibo.com | tcp |
| HK | 36.51.224.126:443 | widget.weibo.com | tcp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| US | 8.8.8.8:53 | ocsp.dcocsp.cn | udp |
| GB | 79.133.176.166:80 | ocsp.dcocsp.cn | tcp |
| GB | 79.133.176.211:80 | ocsp.dcocsp.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:57
Reported
2024-06-03 12:59
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
145s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4160,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4148,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5308,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5448,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5476,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4072,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6168,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6340,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5548,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.ihow.cn | udp |
| US | 8.8.8.8:53 | www.ihow.cn | udp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 8.8.8.8:53 | 123.44.233.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 46.233.44.123:80 | www.ihow.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 64.233.185.120:80 | csi.gstatic.com | tcp |
| US | 64.233.185.120:80 | csi.gstatic.com | tcp |
| HK | 36.51.224.123:80 | service.t.sina.com.cn | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| HK | 36.51.224.123:80 | service.t.sina.com.cn | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.185.233.64.in-addr.arpa | udp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| HK | 36.51.224.126:443 | widget.weibo.com | tcp |
| HK | 36.51.224.126:443 | widget.weibo.com | tcp |
| US | 8.8.8.8:53 | 123.224.51.36.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | 126.224.51.36.in-addr.arpa | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | service.t.sina.com.cn | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | widget.weibo.com | udp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |