Analysis Overview
SHA256
bc01f3142730aa55b3e5435bd728d2da4c45bed9751f6d81cb45cfcb77f60392
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file 91f4a30bac965d7c0741d683006091e0_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win7-20240215-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{65CE9941-21AD-11EF-8ECF-42D431E39B11} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b017c93bbab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583277" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f34c9305f14e34f823c71fe5af3e36e0000000002000000000010660000000100002000000072fc9827e170a17869fc3f421eb30b526137c464f4ade94de34f910ec3cf2837000000000e8000000002000020000000c54ec241182a131300f998f53e17e5327e88cf343d147700f9a9992fa3c29b22200000001d0e14832b22d90e1fd9a96cd5c932921ce2cf0603b7a69a01df0f19e5819cde4000000067ba106b07b436d4adecb3832445b7a655687e2ffb1ed2624bb82c31daaf524c18fb2c763df7c63a824d6d70a326df4ef5c9e4b2e5a3346c97f2582e6d0e9d28 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1664 wrote to memory of 2936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1664 wrote to memory of 2936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1664 wrote to memory of 2936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1664 wrote to memory of 2936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4a30bac965d7c0741d683006091e0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | new.bestoffers.vip | udp |
| US | 162.210.196.167:80 | new.bestoffers.vip | tcp |
| US | 162.210.196.167:80 | new.bestoffers.vip | tcp |
| US | 8.8.8.8:53 | ww1.bestoffers.vip | udp |
| DE | 64.190.63.136:80 | ww1.bestoffers.vip | tcp |
| DE | 64.190.63.136:80 | ww1.bestoffers.vip | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| US | 8.8.8.8:53 | syndicatedsearch.goog | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| GB | 172.217.16.238:443 | syndicatedsearch.goog | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\caf[1].js
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\sedo_logo[1].png
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Cab2ACB.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2ACC.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2BDC.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win10v2004-20240508-en
Max time kernel
135s
Max time network
140s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4a30bac965d7c0741d683006091e0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=3768,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=1636,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5196,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5236,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5372,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5752,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5764,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5104,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=6240,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5560,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5944 /prefetch:8
Network