Analysis Overview
SHA256
c7c418ac95d66b15e7ba0afe13f7ba26eb3a0bca8f3954db7217e553130d2c27
Threat Level: Known bad
The file 2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-10 09:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-10 09:19
Reported
2024-05-10 09:21
Platform
win7-20231129-en
Max time kernel
147s
Max time network
149s
Command Line
Signatures
SocGholish
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e068c034bba2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421494617" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006cc0279eefae194f95a9ddfa9dddb7bb000000000200000000001066000000010000200000005670792511c018a7416e5f72ef5a8cb9becccd914a24ae3a50e9e343818f3852000000000e80000000020000200000009d2f2af4329e640611609d4f48e596fd586691faeddcf8f04d4cdb872cfeda1f20000000e09cdcebe35e69452a7c7a661216aa926632ebf59f4a64d065eec02f5b923429400000004c81836c0e88f1f1607dfdee48693115849739d7fb4fe43b128aed213a9e9626df920fe976517c8a2ea32b35991b919e8d074747f55355b705d9aecdf34c4276 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006cc0279eefae194f95a9ddfa9dddb7bb000000000200000000001066000000010000200000007b890c94effebc5f37e96f2f991cfa81f3113710ddddda299596973f9559ed0d000000000e800000000200002000000041ed47eefca666b0dd292f8ceed33c901edb6448e825972e4cab28552d0acb2a90000000e4bcf46b96f98660de8dec708ab55c0847724f888185d803109642e7fb89b92de6f89c5cc05a06226d13ac21d902c18e1e18c978d63b9ffcd249cdec35ce21c34a76a65f2493f872c5d66b57710b4212ac52dc33238e11ab02370db21ca2dd233f9048493c04ab003690454fa11d0dce9267340fcbb93e94cc8104a5d3df20df0c5688f18e1456fb3a8123982b21668840000000cdb114edef4880fc5d15c938ca2bbc339e7ff7fbe54969c0138fd5abdbfbc6b8177b83094c15067de9283f0e9bd09999aa454dbe6cc3190cff050f297ed5e4f1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5B6FE1A1-0EAE-11EF-9911-62ABD1C114F0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2024 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2024 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2024 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2024 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.potter.web.id | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | g.imagehost.org | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| US | 69.195.73.201:80 | kumpulblogger.com | tcp |
| US | 69.195.73.201:80 | kumpulblogger.com | tcp |
| NL | 172.233.44.120:80 | g.imagehost.org | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| NL | 172.233.44.120:80 | g.imagehost.org | tcp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| GB | 216.58.201.110:80 | apis.google.com | tcp |
| US | 8.8.8.8:53 | tweetmeme.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 157.240.202.35:80 | www.facebook.com | tcp |
| FR | 157.240.202.35:80 | www.facebook.com | tcp |
| FR | 157.240.202.35:443 | www.facebook.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| GB | 142.250.178.4:80 | www.google.com | tcp |
| NL | 23.62.61.129:80 | www.bing.com | tcp |
| NL | 23.62.61.129:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarBC9.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 870c377228b346167a8504159cc676d9 |
| SHA1 | 8e7da975d3f02d1dbab58a2a759d04b458253841 |
| SHA256 | 841a3b1fa9d6ad7f2b566f819a494f4b853992225c7a1eff2af9de48fce65e3b |
| SHA512 | af9c2109736cc54c9e4826d97865804aa80f7cfbdad0c71191dcb24ac2f33968834e418d7da911c46836ac890d9f80c2fb4fff18ac73f9ddc6d5bf4129051229 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFY4NVVW\plusone[1].js
| MD5 | fb86282646c76d835cd2e6c49b8625f7 |
| SHA1 | d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0 |
| SHA256 | 638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109 |
| SHA512 | 07dff3229f08df2d213f24f62a4610f2736b3d1092599b8fc27602330aafbb5bd1cd9039ffee7f76958f4b75796bb75dd7cd483eaa278c9902e712c256a9b7b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFY4NVVW\all[1].js
| MD5 | 1b92a284f7243a183c7ed47acc636984 |
| SHA1 | afb90a05e5bcac0b1f1f28ab2f14e668d128e320 |
| SHA256 | b672090120cb5c923ee7d4604e2268b04975e1ee03031b3a3462c6ea8010f9a8 |
| SHA512 | c9ae9a2024679c9dce671c04001dc6d7d4dd5aa576734e1ad1852a6e4207af68786d785ea547661c96e667926b95bacf7acf70a849f0cfcb479f2cb3809dda5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6dd6180fd7923bd2b7b7f3077a886f1 |
| SHA1 | 88fe619a4e163ffad17c760e209586fc5f746561 |
| SHA256 | cbd55a91560490e10b6ce7cfef9004e21d271bc652e94e2f43ed18e2ddfd24e3 |
| SHA512 | 1080aff71eea11bfa95579d096e9e82e1e11a2f8a3860461da47c8ff46a64e2cfc5f08d7ae1ea4a92ec16a2a1ec33ca198510b9cc249c26357a7eb461b6adec5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9b4b888b1887f9a9a656b363c3cce3f |
| SHA1 | ceaa7deb10948748764d4298a9a21f777327871e |
| SHA256 | 90542e0944d6193a9a8ab32272b192ca3d119fadc22ba134db66d00ca7d33901 |
| SHA512 | d27acbd19ed37c4d2317d6866de4a59a5dba367d7e87afc888309ba6bee7cd4de2829472ac37582e2aa239b0e9fc4f0f462193d0f5fc53901e0dad5bf7c83788 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06c79496b97a88e664a0ddbe5989944f |
| SHA1 | 3b7fec2aa329911c9251616b6679055bda35b81c |
| SHA256 | cce29b446110773d50d303be45056645b6525445f6669baffa40967ab72f88eb |
| SHA512 | 8b076f96e11fc6e6831918ba620b51f7cd1523a81eeb4c01fbecd1689b2982761f1364cb13273e53fab242c8844e0f4342206edf17f0742cd51e649708fca207 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8120410b1e03ee04c478e375a5aeedf3 |
| SHA1 | 8372683cea3f20c2b33a73d436595d682e22ed46 |
| SHA256 | 077b6b0540b8b0c4305996978ddcc745664d5aee493ac3d06309b94da11c4794 |
| SHA512 | 9463369556f6b2dbbf6e7e3c27f9c517bb60ecb8b8417c6f30ca48b1ce888012be142f5f1173fa2ca329570b6217174c9a78e6231a36da6b924bccd748d4851d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca67dba3efda0009c41a2380a7178e0a |
| SHA1 | 035409795e36a8b0360132c938d885f9ad240325 |
| SHA256 | 5d0460881e45a8e03d06ed73e07a465c56156a8af2674483fb55e4e872b02b70 |
| SHA512 | 25656836522b05270373942ef60fc7eb9785e9f1a70957cfa2b7a89349f5f7591347afa9d88f1bb9def100946b949a0ad8e476c82df15c8b3e620494d01334c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8aca8387409a28b2d67a38a76730994 |
| SHA1 | 42e87ede5ebc0f03a251b97dffb92fae450f8c44 |
| SHA256 | 1010dec759e9787be8444a9aebfe71218e6ff14e0218dfa22e71d6a5c63da856 |
| SHA512 | 6cb36f3c64cb794e00bf8abec6b21d8af6584fb88b302e5a8a9ef12cdc9044a0a3d015f040e475e5b5d9138b77767ed362cafcc6b5c9afdeb2e26c1624f4efc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63ddbbc110185ea745d0f57334c80571 |
| SHA1 | bb03dcfb49b3bed2771fbfc6bc6f56be22ab32a9 |
| SHA256 | a4bbfb2ae6bfdfe510fc0daa7d5088758430b67be9bde7bab9684c5da484b96c |
| SHA512 | f40beeec865e1779920c37d1fbd5967cfafbfdaef68aa019e241e57522201c3228592e6b748a80ed107671c795a4d8da0715390e1de59e6b891a6da60c6cde47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f6588fe9cb35bc3a5181fa62bb19663 |
| SHA1 | 0f90ec861aa52c24f46790d672c6188565e925ff |
| SHA256 | 6b0566b584fa157fbac3b6389a244603cc7b62ae5623caaf54862e52a1eed19b |
| SHA512 | adeb516036ecceecf6b5a1f45fad532df629c6901be10a7eca1aaae89bb1e830b85c6ce60a2a5e1ebd16950f727b776ed24cfa2c3ba43f328694e6286d782414 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | ded8d0fec9c93c45b04b21c6c6584618 |
| SHA1 | abb5650ca984eeec606ec2c03369898ef102eb0f |
| SHA256 | 7b1655ab0e61a191c70eb0edf3722169f0dd6e90a6685e7363d55de43c492c61 |
| SHA512 | a52acfebf8b6fae8985e8b116d76b46e92956ac8235bb906832364c412c050e52211722d65cd08f0537d4d25839e507876c69dc23e4e46e6eb29ae35d474ddad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4f3d6c85ca49bd4234c64a2ef0d5b7e |
| SHA1 | bf5f66cb8c8e5b979333415d7f5abb1ed699a102 |
| SHA256 | 234f32b98adf282a3e35e6c309181b864cb90eaba472f3310cbf611ca8a48a7d |
| SHA512 | 695efbf85aff5e1195ec19358aef38da3bf451aeb8032be37b418ec25f7b86389503b3158bba2161f527458237908582707b51e591ea42e35d6aebcd76d64011 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2544cd48067193e4f94ac1032775870a |
| SHA1 | f827dfefb7f5f291ea3f750031a6bafbed5bfe23 |
| SHA256 | 01bdc7d113fe45a7894a6d3ca14800ac9b0592f7d0a102e27b9732c7c6704b97 |
| SHA512 | 4501f5cbba45f8d39bd393a2378698166ded030e70489860630e02c7fec2b1fcc9582da8d99d17874fb504d88423b30b479b9203239f3356072e1866d7b3358f |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 263707e1248d8586a0e9d8d9c9fceea9 |
| SHA1 | 731517d1c2ff719a69a279b2ec728420c3a6a5c1 |
| SHA256 | dc6c7512aab8b24b7a3bc7187c2ba8ca08819047ac7f7da746b92a12ad661d91 |
| SHA512 | 4d3374054d0746a3cfbd84dd54e5737a67cd33bf0c1f612139e495fd425cb0ca34c0955751b1eecf3a9711cd4c6e908f0fd5ac7d1d2689ddf0aa2dc6bc79ed7a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c604c0495086fc96b0d3b1ca39a965cd |
| SHA1 | 06efcba99a2b5dae3872d7c652b3a447b1b2ecdb |
| SHA256 | b302fa543dc8209dfab29552cec6a5a7ab981efd05ea62a2ac29f30ff3866c3a |
| SHA512 | 13a86eac1eb4ef41da4b7fe1073586db3a5ab917174096592337a261400c252fa9b4e1db216ebc2094a806a67afa10749d0372b26500185fb4951eb7bcf91ab8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46aded1465f6cc3365355503a58ef5e8 |
| SHA1 | ad9c229a089d686b874bbb57c9c36bafa49e91c4 |
| SHA256 | 65c64598bdf4ab25ff2bc5cac4ccc251a299fbea006eeba84855ad13acd59c1b |
| SHA512 | 18da1c51a729366107fed536c3dd8e3564183bbf1afe111f7e547078cb407167f04fa76a732388cb1c491a6a7ebbdc3286714dcb0f8733af57b58bb1a2f16209 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2297570a6770ef5d6c64703c2e990f6c |
| SHA1 | fd0e66506d7885c4345450e1f63c76d8e89610f4 |
| SHA256 | 069a1a96c4c8501c584c60f0b50d610f200a1e2dad0a69c1a4a91c79c83cbf32 |
| SHA512 | c538c73d437fff9cfcd48c16ba38a500cf06cd54e2363d4dd558c22b94131f35baaf74338b6076cd049da4913340f8128a07f862f8b1b6d9f42b676253d23567 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0f356fd80cd1a854b5ce3a75bd58bb8 |
| SHA1 | 683a9be85cc10980b42069795b25e566def7853a |
| SHA256 | 7af2528ef34ee7f5fa0959a833215271fe184802aabc4ebc108c70f3b4e2626c |
| SHA512 | 604b9655d47bdb1785eda429f6c5dbbcd1ad0977e45dc089deebbb008573efe2b117724561318a7c204b067b07d04fa059defbb89cd4b741a25404ed20df43f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d935672b16dde3d106a4129f8fffcd2 |
| SHA1 | e9521ff397c1d76b3453f872bf3c617ae1645af8 |
| SHA256 | 04accb71e6a0b2a697e7f27498c0bb4848547ea367d7b43cf0ab4883a2f07588 |
| SHA512 | 3cb68aea7323a4205445ec4044234fb79582d7b9b0ebbbc98193f6aeb379a618bd64b70a9fb56813c554b140f0bc611972a1247add9bc5ef9a39174d82d970ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b42a1ee2ad4768e5b57ddce14f8d1044 |
| SHA1 | 21ecfebeb4df6b3b665c6dc6bcc233852659baf9 |
| SHA256 | 5e4c47cb1f668555c988085b47694561017f50cf11ae9d049aacc8d123d3185a |
| SHA512 | b9fced8f36a29a67b9f97ba1d1c410850419776025e1bf9f8b1c43347e8fba1517316f36649750e512fa6e19cb8e296730239603a0bd72e1483c368b6ab5f8fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33e523d9f557a7949ba1a25b0aebd331 |
| SHA1 | 52db25a45ce7a704b9abeaffafe77522410503c8 |
| SHA256 | bdab3272a466fd3952c3bb6a1829918ff4909a9b8a3c3db20b2f28a4911ae9f1 |
| SHA512 | 9931aabb42f807c3e46ea02943ca70319d4fa2319833d810c4aa75e257978cd8098ffc1b4716ce5934f58819575dbf9a40e74ed504f9035b8fe56df0ec4bc57e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f53d1a1a097230ad81c63b85c16ce8cc |
| SHA1 | 0094ce56aa037cbe0efe45cb522777be01938002 |
| SHA256 | a5d75f069f3a63e00ebe7d66efa10f8aaa6c574993eacc671d7ad2eda5e9237a |
| SHA512 | fa70bdadb5dadb7679c2f394869df0ec1f8d5c6461f695564f7c1e61704c5647877a48c5b377457ab0ffa53fb4b77e2accb2c8561f8851274c6ab37ab76e1cfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d2b8cad80bbb3f8958386a40632ab6f |
| SHA1 | e880126db73f5bd321c75e896d0504220bf4f332 |
| SHA256 | 372abf70cec52c66d2bd1c45191486fe86e3d7e15e6aa7f5f9973329ca87ac2e |
| SHA512 | 86b518f478e010a8556f70ff1def509b7be84c86acc8aec3f25fbe1a710f672e2350c53395061a34b80f1fdeface208e2fb3c6d8a7659c5ace8693cddafadd09 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-10 09:19
Reported
2024-05-10 09:21
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
160s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3788 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3624 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4792 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5364 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4292 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5904 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6028 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6216 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6628 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.potter.web.id | udp |
| US | 8.8.8.8:53 | www.potter.web.id | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | g.imagehost.org | udp |
| US | 8.8.8.8:53 | g.imagehost.org | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.187.225:80 | 4.bp.blogspot.com | tcp |
| NL | 172.233.44.120:80 | g.imagehost.org | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.4:445 | www.google.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 104.109.143.23:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| GB | 142.250.187.225:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.44.233.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.187.225:80 | 3.bp.blogspot.com | tcp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| SG | 172.105.122.89:80 | www.potter.web.id | tcp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 8.8.8.8:53 | kumpulblogger.com | udp |
| US | 69.195.73.201:80 | kumpulblogger.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | tweetmeme.com | udp |
| US | 8.8.8.8:53 | tweetmeme.com | udp |
| US | 8.8.8.8:53 | 23.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.122.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.73.195.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | tweetmeme.com | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | static.ak.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.187.225:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 142.250.179.226:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| GB | 142.250.200.9:80 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.9:443 | www.blogger.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| GB | 142.250.187.194:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 142.250.200.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.212.206:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.179.227:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.212.206:443 | developers.google.com | tcp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tercopy.blogspot.com.es | udp |
| US | 8.8.8.8:53 | tercopy.blogspot.com.es | udp |
| GB | 216.58.201.97:80 | tercopy.blogspot.com.es | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| US | 8.8.8.8:53 | tercopy.blogspot.com | udp |
| US | 8.8.8.8:53 | tercopy.blogspot.com | udp |
| GB | 216.58.212.206:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.97:80 | tercopy.blogspot.com | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |