Analysis Overview
SHA256
93b5a95a975c412ef42fe038a2ef3858316dffb6f4e1e8c7276f85e6f40442cf
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file a5d65585b35983537b141f69a38efce6_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:40
Reported
2024-06-13 13:43
Platform
win7-20240220-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8EFA0B81-298A-11EF-85B9-4A8427BA3DB8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0135b6597bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447923" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1248 wrote to memory of 2628 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d65585b35983537b141f69a38efce6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:40
Reported
2024-06-13 13:43
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d65585b35983537b141f69a38efce6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4832 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5676 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5836 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5232 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5068 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
Network