Analysis Overview
SHA256
8c3e7b47de32cf434c1eda616d57c0cbf11059d5c6f2f9d6a1434eb8266eed33
Threat Level: Shows suspicious behavior
The file a4d948fa8647f17af4de765b6c243709_JaffaCakes118 was classified as: shows suspicious behavior. The sample is an .html document: the Windows 7 run opens it in Internet Explorer and the Windows 10 run in Microsoft Edge, and no process other than the browser appears in either run. The Internet Explorer registry, FindShellTrayWindow, SetWindowsHookEx and WriteProcessMemory signatures below are all attributed to iexplore.exe itself; the WriteProcessMemory events are the frame process (PID 1044) writing into the tab process it spawned (SCODEF:1044), which is how IE's frame/tab split normally operates. The page-specific findings are the hosts the document contacts, in particular the non-CDN domains in the Network tables and the sites.google.com indicator in the Windows 10 run.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:30
Platform
win7-20231129-en
Max time kernel
146s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{409E57C1-2967-11EF-919D-C273E1627A77} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f536fb7207e0c44aba822d3407798d540000000002000000000010660000000100002000000068ceb8047b1e8f586c6fa102b5d62e46e6067fcb91353b409e60fec90ebea1e8000000000e8000000002000020000000f3841af8af395cf806c23a46bcf2c5f6023bef683a535d8deadf5a9bc8ce7438200000008cc6accbe5e756a771f74a8f33037550e21d3d01860df044b8594f74ac07cbd64000000057067b7abd5059116e7f11409e51d86121c5a8e460c0850022f10399bd874232562cb96238625a6f2b277026f290510645764ae6efae63e6fd330b7a2a0fa648 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432759" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1016991974bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f536fb7207e0c44aba822d3407798d5400000000020000000000106600000001000020000000b4f39d4deb5a73b505ce0231984358e7cce6048a50090b31edf220d7b6a38500000000000e8000000002000020000000518adc8326521804872f2fb9dd2fb3b1beb0ba74bbfe5b94abc12fc33e55c21190000000eb730f634844a9a34a4b22ee751620b13e942f441055d0ed6e910e0ee6397184fbf270dfd3cb2e9af269e309fd186d1dcb90ad127d2141e93dcd681d014dba997a19b021d67d1e155efa0153a18912eb8034556d1761f3edc99057682a4fd78d8ca944e9c28f943bb2d779a1fc57e88b520fd9fd03d0d2e508b41f35748a15eb8040364072372123ba631195d0fc824e400000005aec2a9550840163fe098cd593e2a5391c6e26914898136b23a918be21463bb680b74c7c7dda8f2cb9224116680c67ad0899b955c60f02407584c2c89defb653 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1044 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1044 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1044 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1044 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d948fa8647f17af4de765b6c243709_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2
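One way to triage a "Suspicious use of WriteProcessMemory" signature like the one above is to check each write against process lineage: a broker writing into its own child tab/renderer is the browser's normal design, while a write into an unrelated process is the injection case worth escalating. The script below is an added example, not code from the sandbox. Its process table is reconstructed from the behavioral1 run (PID 1044 is the iexplore.exe frame process, since the tab's command line carries SCODEF:1044; PID 2064 is the IEXPLORE.EXE tab it wrote to four times); the explorer.exe entry (PID 900), the fifth event and the BROKER_FAMILIES list are assumptions made to exercise the flagged path and do not appear in the report.

```python
"""Triage "Suspicious use of WriteProcessMemory" events by process lineage.

Added example for this report; not code from the sandbox. PROCS is
reconstructed from the behavioral1 run: PID 1044 is the iexplore.exe frame
process (the tab's command line carries SCODEF:1044) and PID 2064 is the
IEXPLORE.EXE tab process it wrote to four times. The explorer.exe entry
(PID 900) and the fifth event are constructed to exercise the flagged path;
neither appears in the report.
"""
import ntpath  # handles Windows paths regardless of the host OS
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str  # full path as the report lists it


@dataclass(frozen=True)
class WpmEvent:
    source_pid: int
    target_pid: int


PROCS = {
    900: Proc(900, 0, r"C:\Windows\explorer.exe"),                                        # constructed
    1044: Proc(1044, 900, r"C:\Program Files\Internet Explorer\iexplore.exe"),            # frame
    2064: Proc(2064, 1044, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),     # tab
}

EVENTS = [WpmEvent(1044, 2064)] * 4 + [WpmEvent(1044, 900)]  # last event is constructed

# Browser brokers whose multi-process design makes parent->child writes routine.
# Assumed list; extend for other browsers in your environment.
BROKER_FAMILIES = {"iexplore.exe": "ie", "msedge.exe": "edge"}


def _family(proc):
    return BROKER_FAMILIES.get(ntpath.basename(proc.image).lower())


def classify_wpm(ev, procs):
    """Return a verdict string for one WriteProcessMemory event."""
    src, dst = procs.get(ev.source_pid), procs.get(ev.target_pid)
    if src is None or dst is None:
        return "unknown-process"
    if dst.ppid != src.pid:
        return "cross-process-write"       # write into a process it did not spawn
    if _family(src) is not None and _family(src) == _family(dst):
        return "expected-child-write"      # broker -> its own tab/renderer
    return "child-write-foreign-image"     # parent wrote into a child of another image


def wpm_summary(events, procs):
    """Count verdicts and list the events that still need an analyst's eyes."""
    counts, flagged = {}, []
    for ev in events:
        verdict = classify_wpm(ev, procs)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict != "expected-child-write":
            flagged.append((ev.source_pid, ev.target_pid, verdict))
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = wpm_summary(EVENTS, PROCS)
    print(counts)
    for item in flagged:
        print("review:", item)
```

Run against the four report events alone, every write lands in expected-child-write and nothing is flagged; only the constructed write into explorer.exe is surfaced. The same lineage check applies to the msedge.exe tree in the Windows 10 run, where the renderer and utility processes are children of the first msedge.exe.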
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | s12.postimg.org | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | recent-post-techkgp.googlecode.com | udp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| US | 151.101.194.137:80 | code.jquery.com | tcp |
| US | 151.101.194.137:80 | code.jquery.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| NL | 142.250.102.82:80 | recent-post-techkgp.googlecode.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| NL | 142.250.102.82:80 | recent-post-techkgp.googlecode.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | s24.postimg.org | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| US | 8.8.8.8:53 | trollando.com | udp |
| US | 8.8.8.8:53 | corneteiroonline.blogspot.pt | udp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 163.70.151.35:80 | www.facebook.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.1:80 | corneteiroonline.blogspot.pt | tcp |
| GB | 142.250.200.1:80 | corneteiroonline.blogspot.pt | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| NL | 23.62.61.88:80 | www.bing.com | tcp |
| NL | 23.62.61.88:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
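Most rows in the table above are browser and widget background traffic (Google APIs, Bing, Microsoft telemetry, jQuery CDN, Facebook and Twitter embeds). The rows worth an analyst's attention are the unknown host trollando.com, contacted repeatedly over plain HTTP, and the legitimate hosting services (Blogspot, Dropbox, Google Code, postimg) that are routinely abused to stage payloads. The script below is an added example, not code from the sandbox: it parses a subset of the rows copied verbatim from the table, drops known-noise hosts, tags hosting services instead of dropping them, and keeps the resolved endpoints for whatever remains. The NOISE and HOSTING suffix lists are assumptions for the example and should be tuned per environment.

```python
"""Pull candidate network IOCs out of a sandbox report's Network table.

Added example for this report; not code from the sandbox. RAW_ROWS is a
subset of the behavioral1 Network rows, copied verbatim. NOISE and HOSTING
are assumed suffix lists: NOISE covers hosts the browser and embedded widgets
contact on almost any page; HOSTING covers legitimate services that are often
abused for payload hosting, so they are kept and tagged rather than dropped.
"""
import re

RAW_ROWS = """\
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | s12.postimg.org | udp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| US | 151.101.194.137:80 | code.jquery.com | tcp |
| NL | 142.250.102.82:80 | recent-post-techkgp.googlecode.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| GB | 142.250.200.1:80 | corneteiroonline.blogspot.pt | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 209.133.207.180:80 | trollando.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>\w{2})\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>\S+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)

NOISE = (".google.com", ".googleapis.com", "pki.goog", ".microsoft.com",
         ".bing.com", "www.blogger.com", ".blogblog.com", "platform.twitter.com",
         "www.facebook.com", "code.jquery.com")
HOSTING = (".blogspot.com", ".blogspot.pt", "dl.dropbox.com", "sites.google.com",
           ".googlecode.com", ".postimg.org")


def parse_rows(text):
    """Parse the table rows; lines that do not match the row shape are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            r = m.groupdict()
            r["port"] = int(r["port"])
            rows.append(r)
    return rows


def _matches(domain, suffixes):
    return any(domain == s or domain.endswith(s) for s in suffixes)


def triage_network(rows):
    """Bucket each domain and collect the non-DNS endpoints seen for it.

    HOSTING is checked before NOISE so that sites.google.com lands in
    'hosting' even though it also ends in .google.com.
    """
    buckets = {"noise": set(), "hosting": set(), "candidate": set()}
    endpoints = {}
    for r in rows:
        d = r["domain"]
        if _matches(d, HOSTING):
            buckets["hosting"].add(d)
        elif _matches(d, NOISE):
            buckets["noise"].add(d)
        else:
            buckets["candidate"].add(d)
        is_dns = r["proto"] == "udp" and r["port"] == 53
        if not is_dns:  # a DNS row only shows the name was resolved
            endpoints.setdefault(d, set()).add((r["ip"], r["port"], r["proto"]))
    return buckets, endpoints


def connection_counts(rows):
    """Non-DNS connections per domain; many repeats to one unknown host stand out."""
    counts = {}
    for r in rows:
        if not (r["proto"] == "udp" and r["port"] == 53):
            counts[r["domain"]] = counts.get(r["domain"], 0) + 1
    return counts


if __name__ == "__main__":
    rows = parse_rows(RAW_ROWS)
    buckets, endpoints = triage_network(rows)
    for d in sorted(buckets["candidate"]):
        print("candidate:", d, sorted(endpoints.get(d, ())))
    for d in sorted(buckets["hosting"]):
        print("hosting:  ", d, sorted(endpoints.get(d, ())) or "dns only")
```

On the subset above the only candidate is trollando.com at 209.133.207.180:80, and s12.postimg.org is reported as a DNS-only lookup with no resolved connection, which is exactly what the full table shows for it. Feeding the whole table in raises the trollando.com count to the sixteen HTTP connections listed above.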
Files
C:\Users\Admin\AppData\Local\Temp\Cab1084.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1309.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 48ff886a6393cad40e2bad34e3885715 |
| SHA1 | bd5bfec859695cc2ebd2714003854dce9ce3fb42 |
| SHA256 | 46b188eabd12c748b7192ebf1b14c3c9ac649d058c2ac26ff45168860f155675 |
| SHA512 | eea2be29c88c9befe9a6e050fb11848ac1a70aca746e79f806397e4cedd91014cbf589d6c68786059768cf8d71eacb46c2e0ecfd1dc0bd15b68445b9926aa58f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GH1AJ40\plusone[1].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e4cb28e9272280736d8e4ecbedc67b |
| SHA1 | cdb7e4fa97e96b254e892d03c482560acc5fc98f |
| SHA256 | d3cef8d4e08436c1e68dc9fca784d381aeba760c4822e4b49fce221dd426c10e |
| SHA512 | 482fe32b8d561a797ee88886def692138cf40f0113f9ebabd13a4a66bde4719bbb0bf6b59467bd715ee020f8a81111ae0d7bb91ef9fa69fdeb491c1d8277d79f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c2a97d8e9dc429701d2f356e874f8d9 |
| SHA1 | 2acda10ac751fcedeaffbfef39ed65e72a36bebc |
| SHA256 | 8bf973c13d986c1ca632e3136a224d6485bac82edebab88c0958398db221e04d |
| SHA512 | 01244883a34c221b3976beb009e95f55bd335d6be1ed131f2a9ccc8846f21e82e7c1ff03b65af3e1450cb41eda66b733b881b2d8a5568dee7243b5b9f7e051fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ee99a63c3c3a7f5b46ec038240d34b9 |
| SHA1 | 66f4994734985ac522e96f6459b3d1870cb74ba9 |
| SHA256 | 7dd2409d9807d2aa513ef592ffefcfe38f0b0f2eccc5524256c9cc17ffbbf030 |
| SHA512 | e0c476c31105910e76adb5daa73b1a233d591efabdb2d1a7260954a16f8deb1cae327b24be25c405c35f245b56b926b7fd927f96ce22db97bdde74910e918d3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f42b8787d4b517d3c60ae18172b00162 |
| SHA1 | f10281527727b2d90ec0566e5dd90255e44445f0 |
| SHA256 | 4bdf4bcbe2fe4caedc43de22cb6c0d9cd3728847a96e74635bde4001e84dfa6f |
| SHA512 | 276af1c98b5761dc8803db96da46a0240b8bab283b6265aa7beaf8a11cdb030cede28de76bba4e8f9c5550c34c948bca8a2edf936a6d1744b7a142ea0de81936 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a695a80904a999dcc117dd7349f4bf9 |
| SHA1 | 241e1ac9d8bd7afa2785b0c688aaf9a6a5f655f4 |
| SHA256 | c8dcefd143ce5710046d06bb89d0f52af0e4f5afacd336080334c32ff1c0d1e4 |
| SHA512 | 2c6e2b0d1ee1bc62f37a167bda9a5538d326e7024b81afe78656380c05e691243ef7fbb97e4e7fd670e8b2d90c7592470b9cdd313d756048a589e900d41166fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 991294d1cd9f2c7b21eceddcf816c7c0 |
| SHA1 | 219c546403669a207b74866e639a42dd964d77e0 |
| SHA256 | 5dbba999203394cdd5d2a87e39530fda49fd8954dae68ffc8257f234e3e56ff0 |
| SHA512 | 9b6208526134c6bd25a7cf9af1abd74ad04e9c70c19bca482b931c8e65ece0c6e0d27cb506e7ecfa3808067e45a63b39cc7066124d7d169c4a0e0a097f0f80d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a94eab78d43304aadc30612b96882e1 |
| SHA1 | 1229085db2f52d84af9cb4141d5e120a47efeecf |
| SHA256 | 2942ddb65220a55f22072115a5cb73f3701bb485c70a80a0c2abd31b3cb96547 |
| SHA512 | 4ee3e3c67894524adca777f5fc48aca5ad4d8e23eaec2d9d5d3405c7cc5058dd3c8a38f8d14f308e98b7b5e6dbbb49952685f185e63aef1899ef6158fe923b3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e842a8a1742ce90be0ffaf1c9d6b2d6 |
| SHA1 | 7988ff1c4bd2c372f4cbb904af2d07138cab4dcb |
| SHA256 | b435dda44b48c070143927b4397416d262d243b71586031003d011efd53f22e7 |
| SHA512 | c9f4ddc78de0bf21817c9905e92df7fd48ae10d62f16f6e6cad96b45ef98ba0a35f139751c3534599b807d4c04e13c8467e5f457e380437729fb3d8acffa2170 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 885f7ea99a40aaf208ae281f2788676f |
| SHA1 | 7e6c00afcd4f7f04791e98aac0f811b1f239bc1b |
| SHA256 | 60de084570ce03f9a13e4aa6bfb0144fd9aa81e43228b432ffc2adea18eb6fc2 |
| SHA512 | 5ce37310502added515ecaeb7693b29aaa8f1dfe08015f18b5a18b3342f2217bf6866a405938c24068ed9fadfb3c376788ca2fe9c4d58229544b37dee571d3c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | ef57ae717e1a9450b445035325952390 |
| SHA1 | eac06010529b01634caf680024e49694b9053260 |
| SHA256 | d66021eaa606d186a52c38735829d8c8bc194d5b65cf2df044d28dd8aed97999 |
| SHA512 | 0cc1fbecdc6cd49f0692789ab017389c2bff075f14014a714c7a76c4e0d9b26d27472893c726f72fbcba9b165b99bfd38a27d2fae78a8cb20d733c1d14bc5c0a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 332ebb44f2a9c5b3d8ce30c6be003ae8 |
| SHA1 | 1ceb54aad55735b9aad08a159a076497cf85f27d |
| SHA256 | 1cde8845ee6eb69dd830fe209953eb3a74e2ab178a1d387ac3a710291f87a11a |
| SHA512 | cd02b2686fe7b7042ed07666a20b4fd74b74d47b94bd5a53e69daa0c79a702a3f8b984f2feaec77f5a403d4d0bcab228e8f5c2d3c209221d8227d3c2d1d9eca4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 471d206cc61a0681acf87c4af409fda7 |
| SHA1 | e331cbf3fa132121504918eb2e69310874612872 |
| SHA256 | d75874c52e7dee685e705b9b1a80863b53ff358ca5a316909d3b7b0be63efc0a |
| SHA512 | e157ce854270d4dc11e2653b63b82a8d3399e76feffca01a2120286b587dcd12005b00c16458713070b3f5532b3388002814c4edd77789d71f4636fa662d5af5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1cd5ce6ab0efdaa17ed5877befab5b8 |
| SHA1 | d8053060e074b1f2ad4dabf9444ddd08815e3eb6 |
| SHA256 | e935837612b538554d80acdfd6a84cd86c854e690027ad176b5268f494d6e8e7 |
| SHA512 | 0e7d2aa3daefa0b1abc2c09b8568d8c4236b498453d282d1e59f28b4e235bd2bf076d6a2af98fae7277e1c4e6787fe41201e79fbcdaad71d8d2b5f3ae41afa81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09cedc67e2ac6f7e61c316c5ad9345f6 |
| SHA1 | 003704d12928547fd4f7f0ec91f50330b5a47813 |
| SHA256 | b66b6a9e50a04f556bce63f92f8615a88cd2460f4801cb916f9666b4ee4105f6 |
| SHA512 | acf020288a938225b14c86e5a72f60929bf8a7bd6508f9e1c02ad10b05cde60332f8f8ce5b69720b7875583bf6e420f692a70c41e5b70ae9c7165dbf7d6123f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 702529a8de4107965754bed1ca339435 |
| SHA1 | ac8b7158689e2a5357cb9cb4c4ecf7677cae3a57 |
| SHA256 | f1b06098c5e0dff3757024b65a4ea3e77458246a8029a26bc96571b435a0402b |
| SHA512 | 07485a601e99dc86bcae2acab38fd2b4d7adf540e7b9daf1e8332fb40751692a044b7c3a778fd6fbac9e03b82c174b04fed8c535309310fd74e2ad5c264d7203 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 680f2432ca660f411d34c606634b4397 |
| SHA1 | e499ba8f6906b40365b9378900d9d58f4fb079c2 |
| SHA256 | a7328cf0d3297cfaed687eb483af67919699911bd5f22193699f5149e130d4da |
| SHA512 | 75a67832e91f68e0654a819f91766b10cdba14644d329b890774e0e2895f50682422d12c24850eb8ccf87b9596180a60ee87d5b0a31b2cc0a532442d5ec8ee00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 910c8529c787362bddee2f2956e8d0e2 |
| SHA1 | dc407432e881b8a5349756600b0f2d22ae4d7615 |
| SHA256 | e07493b5f6f4313dd9bbb6e7c83bb72c6e00a9e2db282a463dbeaceb32735baa |
| SHA512 | d9d802508291b86e962cce38eabb98b0cc252271556ef27b9805495669376a5ef7844d3d7b6013a092b5e62144bdfd788b4bf5f6e9f73d3f912624e218100dac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ac3f0637ca17c2c1810fd4263d19df8 |
| SHA1 | d36f8d5aec284537eaf4613e124d7ac77eb2f0d9 |
| SHA256 | d4c5bc26175b02a04b297cda6395eda98344c0fd6119a9275de487b4775c851e |
| SHA512 | 8af68bf2e7f053268547988da01e83b3d1185a78e506b1ca0263b8942bf24a4efb50d6b2e71aa343d634d922c02e0a75f45121f9b184a7edde48b1146cbcfe69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a5581007ab1d682540c5e78e64248c7 |
| SHA1 | e5e7c3d27a17bcdba4ce6219bba470ef0f980ab4 |
| SHA256 | 4953e4fb95d4a9081e8993bac1381eacbd639ac7a6fefb2bad009d41da29f305 |
| SHA512 | c3b9d130acb6a031742d90a32f4aa2241bf4ae0523c036bea8088a30de3a8255e4275fbf62ef7e3b814adf025d2e3fb2a38dbefa9ab46ef33ab2b2301fd6e811 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfb067381b00aaa571a83e53aa626fa7 |
| SHA1 | e1990a412752045b8d76aa357aee3250b8746b0b |
| SHA256 | c76fc0dbbe821c399c618b14973a7dccd69a71cecfd716d59819c217b7d6d81e |
| SHA512 | 76b3a224d7001a2b2ae0e39645db997613015d6396579de9007ca6578ec1a71d5ea593b9e9f500ac2d3431611baaf32e87743e5b856280fc9ec725116e4a5db1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98c47c0de9a0c20d871f9ea6d82cdb35 |
| SHA1 | 221132d1451d26afa6e5b9d30f8ecfd75560f492 |
| SHA256 | 2bf81a25db2863bae2f49efd34dbbacb76e0a2f89b56d3d5de7db5538d68c497 |
| SHA512 | 8c263c3d741fec4a0f2bc7d6e0a6d55a6b270e5b0594d5ba0bcc6a6faa3bfe0e9bebd537e192396f083bf5fc4e2e4151aaeebcaa506504e07a81c161812dc1f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 503589a3d7e0d03095a02df3468fd39a |
| SHA1 | d889175922b21ee1dd886ae313886f107abb4dfe |
| SHA256 | 512c7aceedf7553056f2317bc490c23fb1a76be98d753e5953b73cc6f8d4b4e5 |
| SHA512 | 3b2f8b3d43e195b404500d2f8c0a2e49f4bb542510d18b845ac374b60ffafcd57c83c73a4c657e7d5d404179f499feee03b6cb22c35187a3860e6ceb4ff827d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8674666c55c05517c19896c741c9b7cc |
| SHA1 | 2c10a2e997bfe216ebe37bd6e5513443e2f62277 |
| SHA256 | 3cc0b497d06581bbf086477729cb8e8fa2e0138c4f25049b5735db180b02e7d5 |
| SHA512 | 3b29dea55fc0fb6311c93661d1ace3b044aef487f0beb863bcdf130420a797dc73f0b3cab625da44fa04c23a7bb36d98daacdc20f19888f69eb9e2e03d6023fc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:30
Platform
win10v2004-20240611-en
Max time kernel
142s
Max time network
149s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d948fa8647f17af4de765b6c243709_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4704,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4028,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5300,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5332,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=5736,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=6104,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=6220,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5340,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5084,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6900,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6976 /prefetch:8
Network