Malware Analysis Report

2024-10-23 17:24

Sample ID 240510-e81bksef95
Target 2d60fe0398e9a063eebcccb2573a2359_JaffaCakes118
SHA256 c035445ed9c3ed2ea55f5c65462f3e5c360f49e15a640c617f202e0fdc3bd780
Tags socgholish downloader
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c035445ed9c3ed2ea55f5c65462f3e5c360f49e15a640c617f202e0fdc3bd780

Threat Level: Known bad

The file 2d60fe0398e9a063eebcccb2573a2359_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 04:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 04:37

Reported

2024-05-10 04:39

Platform

win7-20240508-en

Max time kernel

142s

Max time network

143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d60fe0398e9a063eebcccb2573a2359_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d60fe0398e9a063eebcccb2573a2359_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 04:37

Reported

2024-05-10 04:40

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d60fe0398e9a063eebcccb2573a2359_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d60fe0398e9a063eebcccb2573a2359_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2200 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5064 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5112 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5516 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=3672 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6016 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5328 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6160 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5488 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5452 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6484 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6852 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

N/A