Malware Analysis Report

2025-04-13 11:43

Sample ID 240901-phay4szgmr
Target 1b39dcc5de43d2840d6992a561e34eec.zip
SHA256 7c8c098ea9e14f0708472aa795393094ba6f4ceea3297d0a47c2abff99eb42a1
Tags
downloader infostealer flagpro discovery
score
10/10

Analysis Overview

score
10/10

SHA256

7c8c098ea9e14f0708472aa795393094ba6f4ceea3297d0a47c2abff99eb42a1

Threat Level: Known bad

The file 1b39dcc5de43d2840d6992a561e34eec.zip was found to be: Known bad.

Malicious Activity Summary

downloader infostealer flagpro discovery

Detect Flagpro

Flagpro family

Unsigned PE

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-01 12:19

Signatures

Detect Flagpro

downloader infostealer
Description Indicator Process Target
N/A N/A N/A N/A

Flagpro family

flagpro

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-01 12:19

Reported

2024-09-01 12:21

Platform

win7-20240729-en

Max time kernel

122s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{693CE0A1-685C-11EF-AEC3-E6BB832D1259} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0006e04069fcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431355026" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe

"C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:537613 /prefetch:2

Network

Country Destination Domain Proto
JP 172.104.109.217:80 tcp
JP 172.104.109.217:80 172.104.109.217 tcp
US 8.8.8.8:53 cloudways-static-content.s3.us-east-1.amazonaws.com udp
US 52.217.43.96:443 cloudways-static-content.s3.us-east-1.amazonaws.com tcp
US 52.217.43.96:443 cloudways-static-content.s3.us-east-1.amazonaws.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
NL 18.238.246.206:80 ocsp.r2m01.amazontrust.com tcp
NL 18.238.246.206:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 cloudways-static-content.s3.amazonaws.com udp
US 3.5.28.220:443 cloudways-static-content.s3.amazonaws.com tcp
US 3.5.28.220:443 cloudways-static-content.s3.amazonaws.com tcp
JP 172.104.109.217:8080 tcp
JP 172.104.109.217:8080 tcp
JP 172.104.109.217:8080 tcp
JP 172.104.109.217:8080 tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.46.73.244:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/3068-0-0x0000000000090000-0x0000000000092000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-01 12:19

Reported

2024-09-01 12:21

Platform

win10v2004-20240802-en

Max time kernel

135s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\ielowutil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c5253369fcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31128681" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1045773811" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1045773811" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{69F2DA85-685C-11EF-939B-562BAB028465} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31128681" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe

"C:\Users\Admin\AppData\Local\Temp\e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876.exe"

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3784 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3784 CREDAT:82948 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
JP 172.104.109.217:80 172.104.109.217 tcp
JP 172.104.109.217:80 tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 217.109.104.172.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 cloudways-static-content.s3.us-east-1.amazonaws.com udp
US 52.217.206.10:443 cloudways-static-content.s3.us-east-1.amazonaws.com tcp
US 52.217.206.10:443 cloudways-static-content.s3.us-east-1.amazonaws.com tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
NL 18.239.62.218:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.206.217.52.in-addr.arpa udp
US 8.8.8.8:53 174.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 cloudways-static-content.s3.amazonaws.com udp
US 3.5.29.114:443 cloudways-static-content.s3.amazonaws.com tcp
US 3.5.29.114:443 cloudways-static-content.s3.amazonaws.com tcp
US 8.8.8.8:53 218.62.239.18.in-addr.arpa udp
US 8.8.8.8:53 114.29.5.3.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
JP 172.104.109.217:8080 tcp
JP 172.104.109.217:8080 tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A