Malware Analysis Report

2025-01-18 00:58

Sample ID 240613-lfdenssgmg
Target a4d948fa8647f17af4de765b6c243709_JaffaCakes118
SHA256 8c3e7b47de32cf434c1eda616d57c0cbf11059d5c6f2f9d6a1434eb8266eed33
Tags
score
6/10

Analysis Overview

score
6/10

SHA256

8c3e7b47de32cf434c1eda616d57c0cbf11059d5c6f2f9d6a1434eb8266eed33

Threat Level: Shows suspicious behavior

The file a4d948fa8647f17af4de765b6c243709_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Legitimate hosting services abused for malware hosting/C2

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:28

Reported

2024-06-13 09:30

Platform

win7-20231129-en

Max time kernel

146s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d948fa8647f17af4de765b6c243709_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d948fa8647f17af4de765b6c243709_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:28

Reported

2024-06-13 09:30

Platform

win10v2004-20240611-en

Max time kernel

142s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d948fa8647f17af4de765b6c243709_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d948fa8647f17af4de765b6c243709_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4704,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=4392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4028,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5300,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5332,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=5736,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=6104,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=6220,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5340,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5084,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6900,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=6976 /prefetch:8

Network


Files

N/A