Malware Analysis Report

2024-10-19 09:37

Sample ID 240613-1drlva1bkg
Target a6a9c4892f53bdd58934624507d78861_JaffaCakes118
SHA256 ada110c7f8aedf9a272a72cd4fdbe55f04ad80d25cf16dbbce6470b4cea1df36
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

ada110c7f8aedf9a272a72cd4fdbe55f04ad80d25cf16dbbce6470b4cea1df36

Threat Level: No (potentially) malicious behavior was detected

The file a6a9c4892f53bdd58934624507d78861_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:32

Reported

2024-06-13 21:34

Platform

win7-20240611-en

Max time kernel

127s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a9c4892f53bdd58934624507d78861_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a9c4892f53bdd58934624507d78861_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:32

Reported

2024-06-13 21:34

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a9c4892f53bdd58934624507d78861_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a9c4892f53bdd58934624507d78861_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3756,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3892,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5272,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5344,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5424,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5276,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=3908,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6196,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=4580,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6644,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8

Network


Files

N/A