Analysis Overview
SHA256
36ea561403943238a03c4e198016a2530d786d27828b81354d3d900681e1ec98
Threat Level: No (potentially) malicious behavior was detected
For the file a5d4953d7c8fbce5b05ed40ef19ea45a_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:38
Reported
2024-06-13 13:41
Platform
win7-20240508-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447817" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42B60EE1-298A-11EF-8FA5-CE57F181EBEB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1676 wrote to memory of 2308 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d4953d7c8fbce5b05ed40ef19ea45a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:38
Reported
2024-06-13 13:41
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d4953d7c8fbce5b05ed40ef19ea45a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4672 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5004 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5736 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4156 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=3968 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4008 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6336 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4296 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
Network