Analysis Overview
SHA256
edef00eeb573a90ba56bbf2ee36cc09b5189eada207109728160b5dcaa5efe08
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a12e0a630cd3081737f8670e04287186_JaffaCakes118.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 15:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 15:38
Reported
2024-06-12 15:40
Platform
win7-20240611-en
Max time kernel
138s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000a1113645f66b1431d366e602425907e2fd3dc0a4908315aabcdcb577bbf5cb46000000000e8000000002000020000000c782233e67f93eb7ffca297936a9c86afcf30a3b5b3f0537228c2d293605c26f200000004c90de63cbae672b6847c609891797ca6bde709769ba7b0d7cbb10724efd40c040000000b0e92eea00c89fd55912dc02c3c76870909e52acf2dfd78b6cbba256d27e81d2a22aeab2e003aef9e8d5767a5742dffdc71b0d769f2815d4efd118054f2595df | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3F5BB41-28D1-11EF-8132-FE0070C7CB2B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368555" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9023b19bdebcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1760 wrote to memory of 1144 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12e0a630cd3081737f8670e04287186_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 15:38
Reported
2024-06-12 15:40
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
139s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a12e0a630cd3081737f8670e04287186_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3848,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3852,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=2556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3876,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5472,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5352,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6004,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5668,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3928,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:8
Network
| US | 23.96.32.104:80 | www.camara.gov.co | tcp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| BE | 88.221.83.193:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.co | udp |
| US | 8.8.8.8:53 | www.camara.gov.co | udp |
| US | 23.96.32.104:443 | www.camara.gov.co | tcp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| US | 8.8.8.8:53 | www.camara.gov.coportal2011 | udp |
| N/A | 224.0.0.251:5353 | udp | |
| BE | 88.221.83.201:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 201.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 131.83.221.88.in-addr.arpa | udp |
| BE | 2.17.107.112:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 112.107.17.2.in-addr.arpa | udp |