Malware Analysis Report

2025-08-10 23:25

Sample ID: 240402-b68y6adb8v
Target: 804efca48f035c54a2ffd12c645dac8c_JaffaCakes118
SHA256: e541daf33a17ac2f1eaf86feef7f46c85fa9bd8f03629576f49a3314d1eb60f3
Tags: motw, phishing
Score: 6/10

Analysis Overview

Score: 6/10

SHA256: e541daf33a17ac2f1eaf86feef7f46c85fa9bd8f03629576f49a3314d1eb60f3

Threat Level: Shows suspicious behavior

The file 804efca48f035c54a2ffd12c645dac8c_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

motw phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-02 01:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-02 01:46
Reported: 2024-04-02 01:49
Platform: win7-20240221-en
Max time kernel: 127s
Max time network: 148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\804efca48f035c54a2ffd12c645dac8c_JaffaCakes118.html

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://df.onecloud.azure-test.net/Error/UE_404?shown=true N/A N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\804efca48f035c54a2ffd12c645dac8c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2024-04-02 01:46
Reported: 2024-04-02 01:49
Platform: win10v2004-20240226-en
Max time kernel: 143s
Max time network: 149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\804efca48f035c54a2ffd12c645dac8c_JaffaCakes118.html

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://df.onecloud.azure-test.net/Error/UE_404?shown=true N/A N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\804efca48f035c54a2ffd12c645dac8c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5480 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5832 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5972 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3964 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6120 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=3736 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5488 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6352 --field-trial-handle=2284,i,2771196087253062161,8107167670425198948,262144 --variations-seed-version /prefetch:8

Network

Files

N/A