Malware Analysis Report

2025-01-18 01:02

Sample ID 240613-ldp1pasfqa
Target a4d672d1a8356913a395ae0d0f18523e_JaffaCakes118
SHA256 3f7780405cf76cdeb2d5271b18573dad7ca8ee5206dcc690f2ee75c50ea4558c
Tags
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256 3f7780405cf76cdeb2d5271b18573dad7ca8ee5206dcc690f2ee75c50ea4558c

Threat Level: No (potentially) malicious behavior was detected

The file a4d672d1a8356913a395ae0d0f18523e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 09:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 09:25
Reported 2024-06-13 09:27
Platform win7-20240611-en
Max time kernel 148s
Max time network 149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d672d1a8356913a395ae0d0f18523e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d672d1a8356913a395ae0d0f18523e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 09:25
Reported 2024-06-13 09:27
Platform win10v2004-20240226-en
Max time kernel 150s
Max time network 156s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d672d1a8356913a395ae0d0f18523e_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d672d1a8356913a395ae0d0f18523e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4836 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4900 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4204 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5256 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5808 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

Network


Files

N/A