Malware Analysis Report

2024-10-23 17:25

Sample ID 240510-k97pyaef5s
Target 2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118
SHA256 c7c418ac95d66b15e7ba0afe13f7ba26eb3a0bca8f3954db7217e553130d2c27
Tags: socgholish, downloader
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file 2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish downloader

SocGholish

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 09:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 09:19

Reported

2024-05-10 09:21

Platform

win7-20231129-en

Max time kernel

147s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 09:19

Reported

2024-05-10 09:21

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

160s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e6b7f5cc4dc8ee0748f00355dc777ea_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3788 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3624 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4792 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5364 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4292 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5904 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6028 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6216 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6628 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

Network

US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 216.58.201.110:443 apis.google.com tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 142.250.187.194:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
GB 216.58.201.110:443 apis.google.com udp
IE 209.85.203.84:443 accounts.google.com tcp
GB 142.250.200.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 developers.google.com udp
GB 142.250.200.9:443 resources.blogblog.com tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.212.206:80 developers.google.com tcp
US 8.8.8.8:53 84.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 142.250.179.227:443 ssl.gstatic.com tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.212.206:443 developers.google.com tcp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tercopy.blogspot.com.es udp
US 8.8.8.8:53 tercopy.blogspot.com.es udp
GB 216.58.201.97:80 tercopy.blogspot.com.es tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 tercopy.blogspot.com udp
US 8.8.8.8:53 tercopy.blogspot.com udp
GB 216.58.212.206:443 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
GB 216.58.201.97:80 tercopy.blogspot.com tcp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 92.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 209.85.203.84:443 accounts.google.com udp

Files

N/A