Analysis Overview
SHA256
16b80c626cf46e6399977bed47826f5a02782d7e938125643b588a55726401a6
Threat Level: No (potentially) malicious behavior was detected
The file . was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 18:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 18:45
Reported
2024-06-13 18:46
Platform
win7-20240611-en
Max time kernel
22s
Max time network
22s
Command Line
Signatures
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:209964 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 18:45
Reported
2024-06-13 18:46
Platform
win10v2004-20240226-en
Max time kernel
27s
Max time network
32s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4608 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5016 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4588 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1028 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5448 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
Network