Malware Analysis Report

2025-08-10 21:26

Sample ID 240525-ayhlkagg29
Target 704e3dd55bf1c9f33740c5fcfafb754d_JaffaCakes118
SHA256 4cd67f1a4794666fa43f252f9a75ec0a45160941cf726820c534cb3ccb6ebb51
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4cd67f1a4794666fa43f252f9a75ec0a45160941cf726820c534cb3ccb6ebb51

Threat Level: No (potentially) malicious behavior was detected

The file 704e3dd55bf1c9f33740c5fcfafb754d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 00:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 00:37

Reported

2024-05-25 00:39

Platform

win7-20240221-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e3dd55bf1c9f33740c5fcfafb754d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704e3dd55bf1c9f33740c5fcfafb754d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 00:37

Reported

2024-05-25 00:39

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704e3dd55bf1c9f33740c5fcfafb754d_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704e3dd55bf1c9f33740c5fcfafb754d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4456 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4792 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4580 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5900 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5508 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6036 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6100 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6240 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5760 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network


Files

N/A