Analysis Overview
SHA256
c49cc7b4036b4ffdd97541ffe26e03af2cd2569e00fb140eb4e0a0b3ef015a15
Threat Level: No (potentially) malicious behavior was detected
The file 743e1e1df1099ccebf04aafd6e0dabff_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 03:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 03:50
Reported
2024-05-26 03:53
Platform
win7-20240221-en
Max time kernel
117s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000336102af3b6f84aba228be396328d7b000000000200000000001066000000010000200000003abd75b4a3b83adf96dabeee72005a06da05b809047d97f84b7992c1fbe28f6a000000000e800000000200002000000066400c7420b27aced1cdbe8ee21d8399fd4aa137e54b9bc465bcbcb87267518a20000000aa2a62245c90a832220a54d2c7f2c6b6c77418cb0c2fe8a5e235de3b1559cd9b400000009bb3ead342711e9d19e5bcb09174af8d2d0523f4f9215d4af0eda5f62564a2cf806e21fee7c439acf9d820854e26cc389474e13452db0fa97074a8d6941d43a4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{16AA39F1-1B13-11EF-9667-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422857297" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bf71ee1fafda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2772 wrote to memory of 1616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2772 wrote to memory of 1616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2772 wrote to memory of 1616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2772 wrote to memory of 1616 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\743e1e1df1099ccebf04aafd6e0dabff_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 03:50
Reported
2024-05-26 03:53
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\743e1e1df1099ccebf04aafd6e0dabff_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4904 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3636 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5744 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3932 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5888 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
Network