Analysis Overview
SHA256
9ecee91ca9ed94896d2cdd52321926f53cb763da96e8be7a8d0f8024b3552df1
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected in the file a2ce9a8a13f7b4e264739c53e4405f18_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-12 22:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 22:55
Reported
2024-06-12 22:58
Platform
win7-20240221-en
Max time kernel
141s
Max time network
142s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008fde7d50bc4938488f5d482dbd4cb9ba0000000002000000000010660000000100002000000022cc7c67171d4f18f45e8491831c40b8a31065bc7d976c746942013a2c01fe14000000000e8000000002000020000000e00fcd66228f74f4017716bc179194e5de3de73a1d82f45094aa98244a45146a200000008a6ac38674e6637bc721af2dbbab1e2fb3cce85cc5526835f24381b2ad55f01340000000fa5cd6cd5862d9f68f85795fecb8fd201dda49ac50f3e06c4a4c1aa1c8eb56b5cc5372406fbb65206ba59bbe2fea1407fc71943cb734042ade713aa5f19be93f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f05757bf1bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424394816" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8BE4F91-290E-11EF-9267-5267BFD3BAD1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2940 wrote to memory of 2336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2ce9a8a13f7b4e264739c53e4405f18_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 22:55
Reported
2024-06-12 22:58
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2ce9a8a13f7b4e264739c53e4405f18_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4524,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3808,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=2828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4396,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5460,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5484,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=3000,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6092,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:8
Network
| Country | Destination | Domain | Proto |