Malware Analysis Report

2024-10-19 02:45

Sample ID 240825-n7ywssvdpj
Target c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118
SHA256 90057078eecdcbfeb77019726fe5fe1554d224e155136f685af73bfb1916c14b
Tags socgholish, discovery, downloader
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 10/10

SHA256 90057078eecdcbfeb77019726fe5fe1554d224e155136f685af73bfb1916c14b

Threat Level: Known bad

The file c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

Tags socgholish, discovery, downloader

Signatures raised (all from the behavioral1 Windows 7 / Internet Explorer run; static1 and the behavioral2 Windows 10 / Edge run raised none):

SocGholish

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

SocGholish, SetWindowsHookEx and WriteProcessMemory carry no indicator rows in the behavioral1 signature tables below; only the System Language Discovery and Modifies Internet Explorer settings entries show the registry operations that triggered them.

MITRE ATT&CK

Enterprise Matrix V15

Discovery: T1614.001 System Location Discovery: System Language Discovery (mapped from the behavioral1 signature of the same name; no other ATT&CK technique is named on this page)

Analysis: static1

Detonation Overview

Reported 2024-08-25 12:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-08-25 12:02

Reported 2024-08-25 12:05

Platform win7-20240708-en

Max time kernel 137s

Max time network 140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118.html

Signatures

SocGholish

Tags downloader, socgholish

No indicator rows are given for this family signature, and neither the static1 nor the behavioral2 (Edge) analysis raised it.

System Location Discovery: System Language Discovery

Tags discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Caveat: the read is performed by the 32-bit IEXPLORE.EXE tab process itself, not by page script (script running in the browser cannot open registry keys), so on its own this row shows the browser resolving the system locale rather than a language check made by the payload.

Modifies Internet Explorer settings

Tags adware, spyware

Caveat: every row below is written by iexplore.exe or IEXPLORE.EXE to the sandbox user's own hive (S-1-5-21-...-1000) and consists of routine IE state: first-run flags (TabbedBrowsing\NTPFirstRun, Main\CompatibilityFlags), window placement, tab-recovery bookkeeping (Recovery\AdminActive, Recovery\PendingRecovery), SearchScopes\DownloadRetries, DomainSuggestion\NextUpdateDate, and new-tab-page data stored as DPAPI blobs (the 01000000d08c9ddf0115d1118c7a00c04fc297eb prefix on DecayDateQueue is the DPAPI blob header). None of them changes a security-relevant setting such as a zone, proxy or start page, so treat this signature as low-signal in this run.

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000000c931552dfa3366ff6aa1d1d7fb9e5099998684ab448cd932cbd3dfb597c09d6000000000e800000000200002000000048c6a760300ec152b908fed9e572e02a79751caf3df90ea4a1332fdd5c892fd720000000ef0d4704942be02b433514291050eae2301954b8075620aefae2e1e1c91856dd40000000dde5e171881d4613fa0d7554ceda83a548aa3e53666d1fdac1fca6e190e45776162c08dd711f39312549f8cbe638bc41a55babcf243f80fdf11f6685d561ce1d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ce35f0e6f6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8C39801-62D9-11EF-B34E-E29800E22076} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430749246" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not preserved in this copy of the report) C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2

(32-bit tab/content process spawned by the iexplore.exe frame process above; SCODEF:2880 is the frame process's PID.)

Network

(Each row is one resolver query or connection as logged by the sandbox; the 8.8.8.8:53 udp rows are DNS lookups. c.pki.goog, o.pki.goog and crl.microsoft.com are certificate-chain and revocation fetches that follow the HTTPS connections and correspond to the CryptnetUrlCache files listed under Files. The hosts that are neither Google/Microsoft infrastructure nor Blogger content are the ad and widget networks cdn.popcash.net, dcba.popcash.net, cdn.mobicow.com, www.linkwithin.com, w.sharethis.com and widgets.amung.us.)

Country Destination Domain Proto
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 cdn.popcash.net udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
GB 18.172.88.79:80 w.sharethis.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.75.234:443 ajax.googleapis.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.75.234:443 ajax.googleapis.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
GB 18.172.88.79:80 w.sharethis.com tcp
FR 142.250.178.129:443 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com tcp
FR 142.250.178.129:443 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
GB 18.172.88.79:443 w.sharethis.com tcp
GB 18.172.88.79:443 w.sharethis.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
GB 79.127.237.132:80 cdn.popcash.net tcp
GB 79.127.237.132:80 cdn.popcash.net tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
FR 142.250.178.129:80 themes.googleusercontent.com tcp
FR 142.250.178.129:80 themes.googleusercontent.com tcp
FR 142.250.178.129:80 themes.googleusercontent.com tcp
FR 142.250.178.129:80 themes.googleusercontent.com tcp
FR 142.250.178.129:80 themes.googleusercontent.com tcp
FR 142.250.178.129:80 themes.googleusercontent.com tcp
GB 18.172.88.79:443 w.sharethis.com tcp
GB 18.172.88.79:443 w.sharethis.com tcp
US 8.8.8.8:53 dcba.popcash.net udp
US 8.8.8.8:53 cdn.mobicow.com udp
US 8.8.8.8:53 mediacbs.blogspot.com udp
FR 142.250.179.105:80 resources.blogblog.com tcp
US 3.224.163.76:443 dcba.popcash.net tcp
US 3.224.163.76:443 dcba.popcash.net tcp
FR 142.250.75.225:80 mediacbs.blogspot.com tcp
FR 142.250.75.225:80 mediacbs.blogspot.com tcp
CA 63.141.57.216:80 cdn.mobicow.com tcp
CA 63.141.57.216:80 cdn.mobicow.com tcp
US 8.8.8.8:53 widgets.amung.us udp
US 3.224.163.76:443 dcba.popcash.net tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 172.67.8.141:80 widgets.amung.us tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 blogger.googleusercontent.com udp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
CA 63.141.57.216:80 cdn.mobicow.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

(The CryptnetUrlCache\Content and \MetaData entries are the certificate and revocation objects fetched from c.pki.goog, o.pki.goog and crl.microsoft.com; the repeated MetaData\94308059B57B3142E455B38A6EB92015 path is one cache file rewritten several times, hence the differing hashes. Cab68C3.tmp and Tar68C5.tmp are cabinet-extraction temp files. The only cached web resource listed is Content.IE5\YUF3ZB4A\pop[1].js.)

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\pop[1].js

MD5 4e52b7473fb5439a4a6ae8b48d7e1c38
SHA1 f27853125646cd926bbfd9504e72aa98fdfdfdeb
SHA256 36b44b4585f42fd4af7d626e6549bb0439ad8ce858803e1ff513c432a1580480
SHA512 02163152a5fa978f2df90523acbde440e3f72dfdf446bc30e08a680a9f14405ff28365e20e48ae4dddc0442bc236f67f74b37941e5ce00038d521aebb95081c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e093c6f1e3b59f2e94f160e8801d279f
SHA1 f7577cd41482911eb277482c8a1adcd71de49548
SHA256 ee0cb0242c52e809f52e5837ac8479ca2092b732517ced65a77c727b8b5db2d0
SHA512 01aa7286947ff02bbfe27a93d7db498e3a65bd341bccaadbefe891d3312e72ef4c91057c4fbb08db20774f9e88c360a9ad42ecc4f63c73360d324e13097c04f9

C:\Users\Admin\AppData\Local\Temp\Tar68C5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab68C3.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 482210e8109a60b81101f6173468f0ae
SHA1 bc904bc1ad2d42fb75520706c8dc4e62b0d512a0
SHA256 1d8a4dac7ea6a2f93b2b6ecac793da4b60b2b8b6fcb67117680bc9db7a286acd
SHA512 4831edfbace8c22cabd2129f8aee451c57f80f315d6af7078627f685fd41a36ad418a03679339d99d750992ec87c60a752004320487da72ed94ffc018417705c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ddf4fca38ac88a6947857093c43b778
SHA1 b7ad25739311c4cd03bed21777dcea64e8867eb3
SHA256 fd78e69db244654bdd7530c381c48b1e2ed123a790688672a2eec739df5b5401
SHA512 19c3213f5b62d6861d2c995cfb1b84b894e1aeeb072707f460cf13f41b2c5ddcf77583a12813d69b013ce64c67720c4e5e30d54115491e547d0bad005cb79360

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8491a0d7a22fd94cadd420a320dbcbc1
SHA1 6d4d30cc08b005936e6608a610a29d85903641b6
SHA256 d04c87a6fc77d8ea7211406af8df0d5517c95ad27227fb04de3935c77bed3670
SHA512 21ab29e6a205f00f3fbf80c82c68516729b0bdb723d3cb61ed65d81424787a3b59ac589305f2d72187a8d4e0ecf4cdedea2083f2ebcdb09724a0d8723dadbc53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9ab5096d0796c7db4afecc3a65e0ad0
SHA1 c41fa4c96733f54c31c4442f1ddc9d706bd376a5
SHA256 c615aac4933602e3a4d89b092cd3aa67fb71a0578be2d25bc093adf4a1c0be3e
SHA512 b8c19e95a75bd104b2a06b3b646fd667ef843580eda77d212586f280123651954a127b7faaf5a8a061f1940dc3b0eb0d4bc91db8575e3d6d86cc0368333dd672

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dd94cdbf824c6b0aed613cd280c8c17
SHA1 6fe95d30185b05e525d5c76ca652d5fd353845fa
SHA256 8f02e85b671f54d11b2835e9a2228678df3b97b2a66d65dfe51fc20359532757
SHA512 728271eaf33b426d7def63c054d903035578c2f1b58196226ae84ccdf82e7162b9965252e607ea02ac39f3b772236116a3c850dc28a7d55ca20f12b3ae1c48c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88ed1a5f061164c9746409d966914daa
SHA1 98cf51ac5d9b3ccd1eb33f1806e5aa85509314a8
SHA256 5f360d1d92eddd956a227f4fe14c49bf147cb16a5a469ec33ce8ebc556777326
SHA512 f01df75fb169a2edba965482ac9fee8d5b8dc4e93c9b0d5940995391d9bdd63916b7cd54e5d7640872198b2e01163e7d8dfeb9140d9045c55cfd3ca60b0c64a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6b190eab8d5f41d9e5722577ae0a1cfc
SHA1 8b6ed25cf5deea99d6a56d95589c5840944c81ff
SHA256 9d0ae378ecb0693c61012a0a9cac95e080a21a8a8cb47e57ed64b06dcef83bfe
SHA512 481b75c3746cf12eae647080d8e86af37e8bbf064c15742e6b7119578c9b148b8d901030908cc4bc3549098c44fd79a44441360535feb1bcc3a1e9a3ed834169

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbba61fd39ce3bcd8687922b51365daf
SHA1 7d52813e67683f3a01ca10756e42edd7b64c6467
SHA256 d1a78487ba9d1a36ff9cb7a0d9b14e9405603b1a3d825444f927dabcfba35bdc
SHA512 82c685bb8235dfa1af4a2aad5245fc4a6fe56d1189940b36e6932052e3a76f8ee0edd849bfdae41ff69b423dba0ecb0c48459bb85059b85d7d57c2f61891985f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b1036265f59ec66274c7d55677060ad
SHA1 af4be171218deee856e1f3aaa1c2c925b5f991ea
SHA256 c04663476cdd8e89eefed0f82f93a6cac18b9a92926186192b8713b9593e53b3
SHA512 a9053d11308b940f405ed94f3a9c72a256b4b8c929ef83d64672ff707636957119c3adeed185503968b136b038c759862ef41164365512de20fe29d9d32a3639

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c38780121fae4eb2a9f544651d24c571
SHA1 bf59f9f434918ca2303db368098315c2d655a4c6
SHA256 b2d52cc2bbb890a5759ec26055f9b72854837ac36f592671b243cf5f28ed5e11
SHA512 1e8f4542ab86ca7b786d13613a7685f306ebbcb27310ebb268c5a3d9b2a53294c73f536017a4b8f649a3cb103f125d12405cceb96d87cd4653473827d7967abd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a497a76ba03d02f6916cac08e0dc9fc
SHA1 ac8f576015cff756bc66460351e5a95eda79e21c
SHA256 bf7748b36b30ad82bd541a894bb65b04a7e4ea050a7bfb739efd4aa3278029f3
SHA512 2b7e08b37552ba220fc191c3f9ab8f9cc302c43c5d36863b37f5320370b4508e241abade35dd047ba6a7bc413f68cdd989cf51cffc83da2b4e8b2c0f49668903

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9af990bce9e2fd62cd4389eca939aba2
SHA1 d73b650a205bf334f0238bfa29c13acd1a6ad14b
SHA256 667937815e67ca819835a211e2295fa52ccb85d4858cd208ac6ee21d1f7beea7
SHA512 a191dd0c6d6f1939460f5ed43057b13f4a4490274b26fb3ac6396737e8702796c2f0857c9f82a8dca7e97435e7b6248b12d8a42b31841f1e34875398c73a5d9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25b559f869fd4cce00d238b0dc10ae7b
SHA1 2538c9526693dd4061b3179c1a357a1715843015
SHA256 6f2d4297dc85303253381121588ecd22ac9d76a062572bfd003b012df1915910
SHA512 894feafa815d1bda06641dab4fc36b239e65deda2aeb05e92b294cf3edfd624f4064eb4cbb0678afe4e24cf40811cd3f46813e7b34fb72314ed7f9970ca0dfd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6010dfb63119134feb04170a52b8d89
SHA1 c37e49cb1df338452043bc0c5719b0147e6eb8c8
SHA256 e7d995e6476e0c780a07894e706d5d6f4b89879de51ebe7943ce3ca372b19d15
SHA512 53aa56aa23a122cf81bedafb75c546261707931e453bde97d8c03a40becf6df3249c38770903ee7cbef156da35157be7c66d4673e027f00886bc3ab49618513b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f63c4ca5f93c91e8c63045575b7fe4b1
SHA1 333a0c9b323a7ffb892b52aa6abf77c318f4e736
SHA256 b24975dcdac838ce31cf2433ff5cb5ad6225aae383d4f2d5eaabef02f26f1b87
SHA512 b2069af2a5e9b3c50903fd312ec5310385b514271e9f2cf0474fef5b24cd09db5807a5ac192fdc17ade715e3762b664abd7836edaf54c3bebe491ef815dd94ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d37cff4164052f4d27c5020dbdc662b6
SHA1 9945b67d4fe69b47140000e5b6265b2068409f56
SHA256 4b34e4d2081a08b1816fb167cd3424f84923694c94b7e8c2198dacf6ed2244ed
SHA512 6c82123a67d811c1ae5061fb71d920f7b53121ef2532508cafd4dae2dd103b376571c157fd29f0b2c11f80441892ac687ae9bbb131d13111dc6672f445524176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf13f897be71b088d4baabe84a8197d5
SHA1 d7f071512d56f02881d5b4b800c9388e3147d9a8
SHA256 9dec814457d750e9c14d3b2a88e3a38fc4d7b58d2bf10a997e8153f1e0961255
SHA512 3b4c8e0e9c040d5a7bf1a3f1a11ed2b04fd9989bc1d76367e020f3977cce6c0ae3106cf5c071b61cac810f031d55c194aeb09a39bd2e82fca269a7378a5acca6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5957842e7f304fe5f0071122ea03b61
SHA1 40b55332cc211ef96f03e50c2f0d54ac375cb8eb
SHA256 ccf20dfdb98ce70b260a49d5155b8f364e356f40f1497d6cbd0f8037e08303cd
SHA512 2a81bb8efa743aa007533a3a9ee2e443f5ccad8d7f41ca9331ec6381b7b8e15b89e4ab8a483f897de2049edc1f0e3065fef07156339b2233d9a9f39a69ed6831

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31eb77bda9a84c022a9f634fec6e61c6
SHA1 4d55d2938d987f80cf60ed962d923ae073e2db4f
SHA256 56f88a0ef661136c2a81adba4e5371c97c4f13f342cac305776496b9e890f3f6
SHA512 e4944878ff04f3c6be98ae160da2510428ab897d236a2701bab8118b9b0a87b018b91b83689a5d8d58b0511130b0425c769d9710167628ede46a4c7f569c7c1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 621caf10d328403c891a04806f68fefe
SHA1 336a7c1acad3615f3389903c21ea581b7ef799ae
SHA256 55e96b80e2440470c268f3b74ae8dcb2ac97267ae6852d7ef4ed33320c7b6c63
SHA512 546a25c2d949359c4a8ed3de0c8eb1a095726a8d193db0774e2354dcc7a99150f89ce22344d0f092370bb07cdf5f0b528588f0919b2f2bd2b3b9192d9ca62650

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c580a719e70f3072eb76fc16bb1d5fa9
SHA1 cd99dfec6b50ea93b1bdd23046593a601a319c10
SHA256 213da8125e8c00c06c44277e2410e333096b1998943ae855435b63e003b4425c
SHA512 ff446ecc8dcdd95917729e648f7ff749f71630ef8e937c8851b91cd0c4af8e262338c8fb557b43b6f115f32d126cb6e8f39dada93aa4672f4347133aa12a33ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92186b7f5704ca870c0d5163729f9db9
SHA1 da30d601bc02c354a5e647570194bab9103ca089
SHA256 14d51ce2487ea20c4612cfdae1d9d027a077ded9396e44a64f0e4a6ed04ce77b
SHA512 d22b32d394248062727fc1b0e978bb0144e80847c9eb9e81114b41fcfd133f0c3fd77c391cd43a621910165e4ba5a74142db2ae5fbb07768f24fb624dbf0b237

Analysis: behavioral2

Detonation Overview

Submitted 2024-08-25 12:02

Reported 2024-08-25 12:05

Platform win10v2004-20240802-en

Max time kernel 138s

Max time network 148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118.html

Signatures

N/A (no signature fired in the Windows 10 / Edge detonation)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4928,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4192,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5420,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5608,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5616,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6036,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6296,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6452,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6732,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=4180,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:1

Network

(Edge run: udp rows to port 443 are QUIC connections and the *.in-addr.arpa rows are reverse lookups of the contacted addresses. The page assets and cdn.popcash.net match behavioral1; api.edgeoffer.microsoft.com, business.bing.com, www.microsoft.com and bzib.nelreports.net are Edge's own background endpoints rather than page traffic.)

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 40.71.99.188:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com udp
US 8.8.8.8:53 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 w.sharethis.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.178.138:443 ajax.googleapis.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.178.129:443 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com tcp
US 8.8.8.8:53 cdn.popcash.net udp
US 8.8.8.8:53 cdn.popcash.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 188.99.71.40.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 w.sharethis.com udp
GB 18.172.88.108:80 w.sharethis.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:443 www.microsoft.com tcp
US 8.8.8.8:53 cdn.popcash.net udp
US 8.8.8.8:53 cdn.popcash.net udp
FR 142.250.179.105:443 www.blogger.com udp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
FR 142.250.178.142:443 apis.google.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 themes.googleusercontent.com udp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 143.244.38.136:80 cdn.popcash.net tcp
GB 92.123.142.200:443 bzib.nelreports.net tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.75.226:445 pagead2.googlesyndication.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.178.129:80 themes.googleusercontent.com tcp
FR 142.250.178.129:80 themes.googleusercontent.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 w.sharethis.com udp
US 8.8.8.8:53 w.sharethis.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 18.172.88.108:443 w.sharethis.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 108.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 dcba.popcash.net udp
US 8.8.8.8:53 dcba.popcash.net udp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 widgets.amung.us udp
FR 142.250.179.105:80 www.blogger.com tcp
FR 142.250.179.105:80 www.blogger.com tcp
US 3.224.163.76:443 dcba.popcash.net tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 widgets.amung.us udp
US 8.8.8.8:53 widgets.amung.us udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 104.22.75.171:443 widgets.amung.us udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 3.224.163.76:443 dcba.popcash.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 cdn.mobicow.com udp
US 8.8.8.8:53 cdn.mobicow.com udp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 mediacbs.blogspot.com udp
US 8.8.8.8:53 mediacbs.blogspot.com udp
CA 63.141.57.216:80 cdn.mobicow.com tcp
FR 142.250.75.225:80 mediacbs.blogspot.com tcp
US 8.8.8.8:53 t.dtscout.com udp
US 8.8.8.8:53 t.dtscout.com udp
FR 172.217.20.194:139 pagead2.googlesyndication.com tcp
CA 63.141.57.216:80 cdn.mobicow.com tcp
US 141.101.120.11:443 t.dtscout.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.75.225:80 mediacbs.blogspot.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 76.163.224.3.in-addr.arpa udp
US 8.8.8.8:53 171.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.178.142:443 apis.google.com udp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 157.240.221.35:445 www.facebook.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 ws.sharethis.com udp
US 8.8.8.8:53 ws.sharethis.com udp
US 8.8.8.8:53 l.sharethis.com udp
US 8.8.8.8:53 l.sharethis.com udp
GB 99.86.114.51:443 ws.sharethis.com tcp
IE 34.252.98.56:443 l.sharethis.com tcp
US 8.8.8.8:53 11.120.101.141.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
GB 99.86.114.51:443 ws.sharethis.com tcp
IE 34.252.98.56:443 l.sharethis.com tcp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 51.114.86.99.in-addr.arpa udp
US 8.8.8.8:53 56.98.252.34.in-addr.arpa udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 count-server.sharethis.com udp
US 8.8.8.8:53 count-server.sharethis.com udp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 count-server.sharethis.com udp
US 8.8.8.8:53 count-server.sharethis.com udp
FR 142.250.179.105:443 resources.blogblog.com tcp
GB 3.162.20.13:443 count-server.sharethis.com tcp
FR 142.250.179.105:443 resources.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 13.20.162.3.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 blogger.googleusercontent.com udp
US 8.8.8.8:53 blogger.googleusercontent.com udp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
FR 142.250.178.129:443 blogger.googleusercontent.com tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
GB 88.221.135.25:443 www.bing.com udp
US 8.8.8.8:53 25.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 c1.popads.net udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
GB 89.187.167.38:445 c1.popads.net tcp
GB 84.17.50.9:445 c1.popads.net tcp
US 8.8.8.8:53 c1.popads.net udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 whos.amung.us udp
US 104.22.74.171:445 whos.amung.us tcp
US 172.67.8.141:445 whos.amung.us tcp
US 104.22.75.171:445 whos.amung.us tcp
US 8.8.8.8:53 whos.amung.us udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.27.27:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.27.27:139 connect.facebook.net tcp
GB 88.221.135.34:443 www.bing.com tcp
US 8.8.8.8:53 34.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 c2.popads.net udp
US 8.8.8.8:53 ws.sharethis.com udp
US 8.8.8.8:53 ws.sharethis.com udp
US 8.8.8.8:53 ws.sharethis.com udp
GB 18.172.88.92:443 ws.sharethis.com tcp
US 8.8.8.8:53 92.88.172.18.in-addr.arpa udp
GB 95.101.143.201:443 www.bing.com tcp
US 8.8.8.8:53 201.143.101.95.in-addr.arpa udp
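
The table above is long because every DNS lookup, reverse lookup and repeated connection is listed as its own row. The script below is an added example, not part of this report or of the sandbox's own tooling: it parses rows in the table's "Country Destination Domain Proto" layout, drops the resolver and mDNS noise, collapses the rest to one entry per contacted domain, lists domains that were resolved but never connected to, and flags connections to named hosts on ports other than 80/443. The sample rows embedded in it are copied from the table (a subset, including the rows that show port 445/139 to pagead2.googlesyndication.com, c1.popads.net and connect.facebook.net); the script only surfaces those rows for manual checking against the capture and does not assert what they are. Row format, column names and the 80/443 whitelist are assumptions of the example.

```python
"""Triage helper for a sandbox Network table (added example, not report tooling).

Rows are "Country IP:port Domain Proto"; the multicast mDNS row has no domain.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Rows copied from the report's Network table (subset), used as sample input.
SAMPLE_ROWS = """\
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 40.71.99.188:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 cdn.popcash.net udp
GB 143.244.38.136:80 cdn.popcash.net tcp
FR 142.250.75.226:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 188.99.71.40.in-addr.arpa udp
US 3.224.163.76:443 dcba.popcash.net tcp
US 3.224.163.76:443 dcba.popcash.net tcp
US 104.22.75.171:443 widgets.amung.us udp
N/A 224.0.0.251:5353 udp
GB 89.187.167.38:445 c1.popads.net tcp
DE 157.240.27.27:139 connect.facebook.net tcp
US 8.8.8.8:53 c2.popads.net udp
"""

# Assumed row layout: country, IPv4:port, optional domain, protocol.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)
WEB_PORTS = {80, 443}          # assumed "expected" ports for a browser detonation
DNS_PORTS = {53, 5353}         # unicast DNS to the sandbox resolver, and mDNS


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str                # "" for the mDNS row, which carries no domain
    proto: str

    @property
    def is_dns(self) -> bool:
        return self.port in DNS_PORTS

    @property
    def is_reverse_lookup(self) -> bool:
        return self.domain.endswith(".in-addr.arpa")


def parse_rows(text: str) -> list[Flow]:
    """Parse table rows; raise on a row that does not fit the assumed layout."""
    flows: list[Flow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        flows.append(Flow(m["cc"], m["ip"], int(m["port"]), m["domain"] or "", m["proto"]))
    return flows


def contacted_domains(flows: list[Flow]) -> dict[str, set[tuple[str, int, str]]]:
    """domain -> set of (ip, port, proto) actually connected to; DNS rows dropped."""
    out: dict[str, set[tuple[str, int, str]]] = defaultdict(set)
    for f in flows:
        if not f.is_dns and f.domain:
            out[f.domain].add((f.ip, f.port, f.proto))
    return dict(out)


def resolved_only(flows: list[Flow]) -> list[str]:
    """Domains that were looked up but never connected to (blocked, dead, or unused)."""
    looked_up = {f.domain for f in flows if f.is_dns and f.domain and not f.is_reverse_lookup}
    return sorted(looked_up - set(contacted_domains(flows)))


def non_web_port_flows(flows: list[Flow]) -> list[Flow]:
    """Connections to a named host on a port outside WEB_PORTS; verify these in the pcap."""
    return [f for f in flows if not f.is_dns and f.port not in WEB_PORTS]


if __name__ == "__main__":
    flows = parse_rows(SAMPLE_ROWS)
    for domain, endpoints in sorted(contacted_domains(flows).items()):
        print(domain, sorted(endpoints))
    print("resolved only:", resolved_only(flows))
    for f in non_web_port_flows(flows):
        print(f"CHECK {f.domain} {f.ip}:{f.port}/{f.proto}")
```

Run it against the full table by pasting the rows into SAMPLE_ROWS; the "CHECK" lines are the rows to compare with the raw capture before treating a non-web port as a finding.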

Files

N/A