Analysis Overview
SHA256
f3e401d3621e1c1568813097bf8077008efd90b52acef0d29c9cbc8afa86fcac
Threat Level: No (potentially) malicious behavior was detected
The file a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:17
Reported
2024-06-12 18:20
Platform
win7-20240611-en
Max time kernel
126s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000d9619537a0544f94dbdea5dd1ddad7260c75ec029eab144cd94a01c412b907fc000000000e8000000002000020000000ec77e828a5034bfae851099d6dccc8f1a3a54c6213938676c91f7b0be0cd9d5b2000000063a75f36cf7885db62d54e85898bb4fda008c0531eaba7d6e9c65af8e6c2067440000000d4300da36afbea485299ecdd0638092700606c9620669668e4477d862de347fe0c8fcbb17b60e53768161a77acaf06cf14fa6ca0b058c6b68a2e391bc3f04d8b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1235BC91-28E8-11EF-AF9B-7E1039193522} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e835e8f4bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378137" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1176 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1176 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1176 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1176 wrote to memory of 2744 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1176 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:17
Reported
2024-06-12 18:20
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4352 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2720 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5388 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5784 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4880 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5960 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4728 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
Network