Analysis Overview
SHA256
33b06ec67f0748dc8fc0765ae21319b8d9be582f4f094e8258209c59b07e1da4
Threat Level: No (potentially) malicious behavior was detected
The file 91ffc3b7213c748cfa492899fa4d1d64_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:44
Reported
2024-06-03 13:47
Platform
win7-20240221-en
Max time kernel
134s
Max time network
136s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E31C6A1-21AF-11EF-A965-CAFA5A0A62FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423584150" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2872 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:44
Reported
2024-06-03 13:47
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1840,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1408,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5144,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5436,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5444,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5964,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=7160,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:8
Network