Analysis Overview
SHA256: 1d41b2ba0185a71e768d33308760c0bc50dd562654659f4bafae7eff20a464d3
Threat Level: No (potentially) malicious behavior was detected
The file a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 13:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 13:39
Reported: 2024-06-13 13:41
Platform: win7-20231129-en
Max time kernel: 143s
Max time network: 144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d8a5ad48449e446b8bd96aea6ca91a500000000020000000000106600000001000020000000b3d3f2cb28f85ef2a2dbe23d6990aa7739033e273f87e85c6fd5037ee50bee13000000000e800000000200002000000041544c84f55025f28d494b0d00deee6f9f28c5b93a3f6263c904d1468812d9db20000000ac09378a5826bb1ffa2b961750546486df1d2909021b71eca6fdb66136ed7dcf4000000006153c286034bb83af6c6c97d61a5a39f7f693b833c287eee901dd5f9dea43116b8f68fdadbe0f188e4e404adc88c0b3baa93bddff51cd27cc8d37c0e71a4ae1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4CD45441-298A-11EF-A140-5ABF6C2465D5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e8ba3a97bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447812" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1712 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1712 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1712 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1712 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| BE | 2.17.107.106:80 | www.bing.com | tcp |
| BE | 2.17.107.106:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 13:39
Reported: 2024-06-13 13:41
Platform: win10v2004-20240611-en
Max time kernel: 132s
Max time network: 143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4160,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4144,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4972,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5460,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5472,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5940,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5936,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6924,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| RU | 88.212.201.204:80 | counter.yadro.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| RU | 87.250.250.90:445 | bs.yandex.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.205.31.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.132.156.90.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| RU | 77.88.21.90:445 | bs.yandex.ru | tcp |
| RU | 213.180.204.90:445 | bs.yandex.ru | tcp |
| RU | 213.180.193.90:445 | bs.yandex.ru | tcp |
| RU | 93.158.134.90:445 | bs.yandex.ru | tcp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| GB | 51.11.108.188:443 | telem-edge.smartscreen.microsoft.com | tcp |
| BE | 88.221.83.203:443 | www.bing.com | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| BE | 88.221.83.203:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.250.119:445 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:445 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:445 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:445 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| BE | 2.17.107.128:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 128.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp |