Analysis Overview
SHA256
54dbd132e26fd805d89a69b682d6cf4ab630c9ba2108a52a163876027814965f
Threat Level: No (potentially) malicious behavior was detected
The file 8c7d055764c6497e5f8caef169af0efd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:39
Reported
2024-06-02 01:41
Platform
win7-20240221-en
Max time kernel
141s
Max time network
142s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E9413C21-2080-11EF-8356-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454219" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20c565be8db4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2964 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2964 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2964 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2964 wrote to memory of 3016 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7d055764c6497e5f8caef169af0efd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 24sales.ru | udp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| GB | 216.58.201.98:80 | pagead2.googlesyndication.com | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:39
Reported
2024-06-02 01:41
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7d055764c6497e5f8caef169af0efd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3980 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5604 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5692 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5560 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5556 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6056 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6112 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5028 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 24sales.ru | udp |
| US | 8.8.8.8:53 | 24sales.ru | udp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| RU | 176.99.4.61:80 | 24sales.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 61.4.99.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 204.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.182.143.212:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 212.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | tcp | |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 66.229.138.52.in-addr.arpa | udp |