Analysis Overview
SHA256
e541daf33a17ac2f1eaf86feef7f46c85fa9bd8f03629576f49a3314d1eb60f3
Threat Level: Shows suspicious behavior
The file 804efca48f035c54a2ffd12c645dac8c_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported
2024-04-02 01:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-02 01:46
Reported
2024-04-02 01:49
Platform
win7-20240221-en
Max time kernel
127s
Max time network
148s
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://df.onecloud.azure-test.net/Error/UE_404?shown=true | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000020d386a81199d87f995217cc24d6def155204290ab6fb9c52f442b0ce3c6dfaf000000000e8000000002000020000000c5949b0aebc90c3f92d5a01f3bebcd8b8ab4c2d40f11c72326ab4cbd119232bf20000000e6947d4fd2ac8ef149b98534d333cddcce5e0d2695f7313dd814f6b3f95db09d4000000038d9a15df4af36f90215eb6bef03008f7cf7c02f8eb3d78113051336b18cda445e35f748140a80a20aed7ea2f2867424320eb4b3990a7a56f987ddd1d2a02022 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7B49E71-F092-11EE-B671-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0fe16ae9f84da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418184266" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\804efca48f035c54a2ffd12c645dac8c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-02 01:46
Reported
2024-04-02 01:49
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
149s
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://df.onecloud.azure-test.net/Error/UE_404?shown=true | N/A | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\804efca48f035c54a2ffd12c645dac8c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5480 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5832 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5972 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3964 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6120 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=3736 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5488 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6352 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:8
Network
| US | 76.76.21.93:443 | www.stumbleupon.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.33.115.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.31.187.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 151.101.60.157:139 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 61.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.206:443 | apis.google.com | tcp |
| GB | 142.250.187.206:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.212.238:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.187.206:443 | apis.google.com | udp |
| GB | 142.250.187.195:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.212.238:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 84.15.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| GB | 2.18.66.163:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 163.66.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 2.18.66.177:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 177.66.18.2.in-addr.arpa | udp |
| BE | 108.177.15.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |