Analysis Overview
SHA256
90057078eecdcbfeb77019726fe5fe1554d224e155136f685af73bfb1916c14b
Threat Level: Known bad
The file c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 12:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 12:02
Reported
2024-08-25 12:05
Platform
win7-20240708-en
Max time kernel
137s
Max time network
140s
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000000c931552dfa3366ff6aa1d1d7fb9e5099998684ab448cd932cbd3dfb597c09d6000000000e800000000200002000000048c6a760300ec152b908fed9e572e02a79751caf3df90ea4a1332fdd5c892fd720000000ef0d4704942be02b433514291050eae2301954b8075620aefae2e1e1c91856dd40000000dde5e171881d4613fa0d7554ceda83a548aa3e53666d1fdac1fca6e190e45776162c08dd711f39312549f8cbe638bc41a55babcf243f80fdf11f6685d561ce1d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60ce35f0e6f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8C39801-62D9-11EF-B34E-E29800E22076} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430749246" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2880 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2880 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2880 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2880 wrote to memory of 2836 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | cdn.popcash.net | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| GB | 18.172.88.79:80 | w.sharethis.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.75.234:443 | ajax.googleapis.com | tcp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.75.234:443 | ajax.googleapis.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| GB | 18.172.88.79:80 | w.sharethis.com | tcp |
| FR | 142.250.178.129:443 | 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com | tcp |
| FR | 142.250.178.129:443 | 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| GB | 18.172.88.79:443 | w.sharethis.com | tcp |
| GB | 18.172.88.79:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| GB | 79.127.237.132:80 | cdn.popcash.net | tcp |
| GB | 79.127.237.132:80 | cdn.popcash.net | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| GB | 18.172.88.79:443 | w.sharethis.com | tcp |
| GB | 18.172.88.79:443 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | dcba.popcash.net | udp |
| US | 8.8.8.8:53 | cdn.mobicow.com | udp |
| US | 8.8.8.8:53 | mediacbs.blogspot.com | udp |
| FR | 142.250.179.105:80 | resources.blogblog.com | tcp |
| US | 3.224.163.76:443 | dcba.popcash.net | tcp |
| US | 3.224.163.76:443 | dcba.popcash.net | tcp |
| FR | 142.250.75.225:80 | mediacbs.blogspot.com | tcp |
| FR | 142.250.75.225:80 | mediacbs.blogspot.com | tcp |
| CA | 63.141.57.216:80 | cdn.mobicow.com | tcp |
| CA | 63.141.57.216:80 | cdn.mobicow.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 3.224.163.76:443 | dcba.popcash.net | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | blogger.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| CA | 63.141.57.216:80 | cdn.mobicow.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\pop[1].js
| MD5 | 4e52b7473fb5439a4a6ae8b48d7e1c38 |
| SHA1 | f27853125646cd926bbfd9504e72aa98fdfdfdeb |
| SHA256 | 36b44b4585f42fd4af7d626e6549bb0439ad8ce858803e1ff513c432a1580480 |
| SHA512 | 02163152a5fa978f2df90523acbde440e3f72dfdf446bc30e08a680a9f14405ff28365e20e48ae4dddc0442bc236f67f74b37941e5ce00038d521aebb95081c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e093c6f1e3b59f2e94f160e8801d279f |
| SHA1 | f7577cd41482911eb277482c8a1adcd71de49548 |
| SHA256 | ee0cb0242c52e809f52e5837ac8479ca2092b732517ced65a77c727b8b5db2d0 |
| SHA512 | 01aa7286947ff02bbfe27a93d7db498e3a65bd341bccaadbefe891d3312e72ef4c91057c4fbb08db20774f9e88c360a9ad42ecc4f63c73360d324e13097c04f9 |
C:\Users\Admin\AppData\Local\Temp\Tar68C5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab68C3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 482210e8109a60b81101f6173468f0ae |
| SHA1 | bc904bc1ad2d42fb75520706c8dc4e62b0d512a0 |
| SHA256 | 1d8a4dac7ea6a2f93b2b6ecac793da4b60b2b8b6fcb67117680bc9db7a286acd |
| SHA512 | 4831edfbace8c22cabd2129f8aee451c57f80f315d6af7078627f685fd41a36ad418a03679339d99d750992ec87c60a752004320487da72ed94ffc018417705c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ddf4fca38ac88a6947857093c43b778 |
| SHA1 | b7ad25739311c4cd03bed21777dcea64e8867eb3 |
| SHA256 | fd78e69db244654bdd7530c381c48b1e2ed123a790688672a2eec739df5b5401 |
| SHA512 | 19c3213f5b62d6861d2c995cfb1b84b894e1aeeb072707f460cf13f41b2c5ddcf77583a12813d69b013ce64c67720c4e5e30d54115491e547d0bad005cb79360 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8491a0d7a22fd94cadd420a320dbcbc1 |
| SHA1 | 6d4d30cc08b005936e6608a610a29d85903641b6 |
| SHA256 | d04c87a6fc77d8ea7211406af8df0d5517c95ad27227fb04de3935c77bed3670 |
| SHA512 | 21ab29e6a205f00f3fbf80c82c68516729b0bdb723d3cb61ed65d81424787a3b59ac589305f2d72187a8d4e0ecf4cdedea2083f2ebcdb09724a0d8723dadbc53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9ab5096d0796c7db4afecc3a65e0ad0 |
| SHA1 | c41fa4c96733f54c31c4442f1ddc9d706bd376a5 |
| SHA256 | c615aac4933602e3a4d89b092cd3aa67fb71a0578be2d25bc093adf4a1c0be3e |
| SHA512 | b8c19e95a75bd104b2a06b3b646fd667ef843580eda77d212586f280123651954a127b7faaf5a8a061f1940dc3b0eb0d4bc91db8575e3d6d86cc0368333dd672 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4dd94cdbf824c6b0aed613cd280c8c17 |
| SHA1 | 6fe95d30185b05e525d5c76ca652d5fd353845fa |
| SHA256 | 8f02e85b671f54d11b2835e9a2228678df3b97b2a66d65dfe51fc20359532757 |
| SHA512 | 728271eaf33b426d7def63c054d903035578c2f1b58196226ae84ccdf82e7162b9965252e607ea02ac39f3b772236116a3c850dc28a7d55ca20f12b3ae1c48c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88ed1a5f061164c9746409d966914daa |
| SHA1 | 98cf51ac5d9b3ccd1eb33f1806e5aa85509314a8 |
| SHA256 | 5f360d1d92eddd956a227f4fe14c49bf147cb16a5a469ec33ce8ebc556777326 |
| SHA512 | f01df75fb169a2edba965482ac9fee8d5b8dc4e93c9b0d5940995391d9bdd63916b7cd54e5d7640872198b2e01163e7d8dfeb9140d9045c55cfd3ca60b0c64a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 6b190eab8d5f41d9e5722577ae0a1cfc |
| SHA1 | 8b6ed25cf5deea99d6a56d95589c5840944c81ff |
| SHA256 | 9d0ae378ecb0693c61012a0a9cac95e080a21a8a8cb47e57ed64b06dcef83bfe |
| SHA512 | 481b75c3746cf12eae647080d8e86af37e8bbf064c15742e6b7119578c9b148b8d901030908cc4bc3549098c44fd79a44441360535feb1bcc3a1e9a3ed834169 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbba61fd39ce3bcd8687922b51365daf |
| SHA1 | 7d52813e67683f3a01ca10756e42edd7b64c6467 |
| SHA256 | d1a78487ba9d1a36ff9cb7a0d9b14e9405603b1a3d825444f927dabcfba35bdc |
| SHA512 | 82c685bb8235dfa1af4a2aad5245fc4a6fe56d1189940b36e6932052e3a76f8ee0edd849bfdae41ff69b423dba0ecb0c48459bb85059b85d7d57c2f61891985f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b1036265f59ec66274c7d55677060ad |
| SHA1 | af4be171218deee856e1f3aaa1c2c925b5f991ea |
| SHA256 | c04663476cdd8e89eefed0f82f93a6cac18b9a92926186192b8713b9593e53b3 |
| SHA512 | a9053d11308b940f405ed94f3a9c72a256b4b8c929ef83d64672ff707636957119c3adeed185503968b136b038c759862ef41164365512de20fe29d9d32a3639 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c38780121fae4eb2a9f544651d24c571 |
| SHA1 | bf59f9f434918ca2303db368098315c2d655a4c6 |
| SHA256 | b2d52cc2bbb890a5759ec26055f9b72854837ac36f592671b243cf5f28ed5e11 |
| SHA512 | 1e8f4542ab86ca7b786d13613a7685f306ebbcb27310ebb268c5a3d9b2a53294c73f536017a4b8f649a3cb103f125d12405cceb96d87cd4653473827d7967abd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a497a76ba03d02f6916cac08e0dc9fc |
| SHA1 | ac8f576015cff756bc66460351e5a95eda79e21c |
| SHA256 | bf7748b36b30ad82bd541a894bb65b04a7e4ea050a7bfb739efd4aa3278029f3 |
| SHA512 | 2b7e08b37552ba220fc191c3f9ab8f9cc302c43c5d36863b37f5320370b4508e241abade35dd047ba6a7bc413f68cdd989cf51cffc83da2b4e8b2c0f49668903 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9af990bce9e2fd62cd4389eca939aba2 |
| SHA1 | d73b650a205bf334f0238bfa29c13acd1a6ad14b |
| SHA256 | 667937815e67ca819835a211e2295fa52ccb85d4858cd208ac6ee21d1f7beea7 |
| SHA512 | a191dd0c6d6f1939460f5ed43057b13f4a4490274b26fb3ac6396737e8702796c2f0857c9f82a8dca7e97435e7b6248b12d8a42b31841f1e34875398c73a5d9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25b559f869fd4cce00d238b0dc10ae7b |
| SHA1 | 2538c9526693dd4061b3179c1a357a1715843015 |
| SHA256 | 6f2d4297dc85303253381121588ecd22ac9d76a062572bfd003b012df1915910 |
| SHA512 | 894feafa815d1bda06641dab4fc36b239e65deda2aeb05e92b294cf3edfd624f4064eb4cbb0678afe4e24cf40811cd3f46813e7b34fb72314ed7f9970ca0dfd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6010dfb63119134feb04170a52b8d89 |
| SHA1 | c37e49cb1df338452043bc0c5719b0147e6eb8c8 |
| SHA256 | e7d995e6476e0c780a07894e706d5d6f4b89879de51ebe7943ce3ca372b19d15 |
| SHA512 | 53aa56aa23a122cf81bedafb75c546261707931e453bde97d8c03a40becf6df3249c38770903ee7cbef156da35157be7c66d4673e027f00886bc3ab49618513b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f63c4ca5f93c91e8c63045575b7fe4b1 |
| SHA1 | 333a0c9b323a7ffb892b52aa6abf77c318f4e736 |
| SHA256 | b24975dcdac838ce31cf2433ff5cb5ad6225aae383d4f2d5eaabef02f26f1b87 |
| SHA512 | b2069af2a5e9b3c50903fd312ec5310385b514271e9f2cf0474fef5b24cd09db5807a5ac192fdc17ade715e3762b664abd7836edaf54c3bebe491ef815dd94ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d37cff4164052f4d27c5020dbdc662b6 |
| SHA1 | 9945b67d4fe69b47140000e5b6265b2068409f56 |
| SHA256 | 4b34e4d2081a08b1816fb167cd3424f84923694c94b7e8c2198dacf6ed2244ed |
| SHA512 | 6c82123a67d811c1ae5061fb71d920f7b53121ef2532508cafd4dae2dd103b376571c157fd29f0b2c11f80441892ac687ae9bbb131d13111dc6672f445524176 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf13f897be71b088d4baabe84a8197d5 |
| SHA1 | d7f071512d56f02881d5b4b800c9388e3147d9a8 |
| SHA256 | 9dec814457d750e9c14d3b2a88e3a38fc4d7b58d2bf10a997e8153f1e0961255 |
| SHA512 | 3b4c8e0e9c040d5a7bf1a3f1a11ed2b04fd9989bc1d76367e020f3977cce6c0ae3106cf5c071b61cac810f031d55c194aeb09a39bd2e82fca269a7378a5acca6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5957842e7f304fe5f0071122ea03b61 |
| SHA1 | 40b55332cc211ef96f03e50c2f0d54ac375cb8eb |
| SHA256 | ccf20dfdb98ce70b260a49d5155b8f364e356f40f1497d6cbd0f8037e08303cd |
| SHA512 | 2a81bb8efa743aa007533a3a9ee2e443f5ccad8d7f41ca9331ec6381b7b8e15b89e4ab8a483f897de2049edc1f0e3065fef07156339b2233d9a9f39a69ed6831 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31eb77bda9a84c022a9f634fec6e61c6 |
| SHA1 | 4d55d2938d987f80cf60ed962d923ae073e2db4f |
| SHA256 | 56f88a0ef661136c2a81adba4e5371c97c4f13f342cac305776496b9e890f3f6 |
| SHA512 | e4944878ff04f3c6be98ae160da2510428ab897d236a2701bab8118b9b0a87b018b91b83689a5d8d58b0511130b0425c769d9710167628ede46a4c7f569c7c1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 621caf10d328403c891a04806f68fefe |
| SHA1 | 336a7c1acad3615f3389903c21ea581b7ef799ae |
| SHA256 | 55e96b80e2440470c268f3b74ae8dcb2ac97267ae6852d7ef4ed33320c7b6c63 |
| SHA512 | 546a25c2d949359c4a8ed3de0c8eb1a095726a8d193db0774e2354dcc7a99150f89ce22344d0f092370bb07cdf5f0b528588f0919b2f2bd2b3b9192d9ca62650 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c580a719e70f3072eb76fc16bb1d5fa9 |
| SHA1 | cd99dfec6b50ea93b1bdd23046593a601a319c10 |
| SHA256 | 213da8125e8c00c06c44277e2410e333096b1998943ae855435b63e003b4425c |
| SHA512 | ff446ecc8dcdd95917729e648f7ff749f71630ef8e937c8851b91cd0c4af8e262338c8fb557b43b6f115f32d126cb6e8f39dada93aa4672f4347133aa12a33ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92186b7f5704ca870c0d5163729f9db9 |
| SHA1 | da30d601bc02c354a5e647570194bab9103ca089 |
| SHA256 | 14d51ce2487ea20c4612cfdae1d9d027a077ded9396e44a64f0e4a6ed04ce77b |
| SHA512 | d22b32d394248062727fc1b0e978bb0144e80847c9eb9e81114b41fcfd133f0c3fd77c391cd43a621910165e4ba5a74142db2ae5fbb07768f24fb624dbf0b237 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 12:02
Reported
2024-08-25 12:05
Platform
win10v2004-20240802-en
Max time kernel
138s
Max time network
148s
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0b5f2fa79244268341d4d99ae21adbc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4928,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4192,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5420,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5608,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5616,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6036,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6296,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6452,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6732,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=4180,i,11391966286255097843,10588851088187498028,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 40.71.99.188:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com | udp |
| US | 8.8.8.8:53 | 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.178.129:443 | 66b8bd27f6ee94fb8d71d4fd491199e4b991d705.googledrive.com | tcp |
| US | 8.8.8.8:53 | cdn.popcash.net | udp |
| US | 8.8.8.8:53 | cdn.popcash.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.99.71.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| GB | 18.172.88.108:80 | w.sharethis.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | cdn.popcash.net | udp |
| US | 8.8.8.8:53 | cdn.popcash.net | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| FR | 142.250.179.97:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 143.244.38.136:80 | cdn.popcash.net | tcp |
| GB | 92.123.142.200:443 | bzib.nelreports.net | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.75.226:445 | pagead2.googlesyndication.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 1.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| FR | 142.250.178.129:80 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| US | 8.8.8.8:53 | w.sharethis.com | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 18.172.88.108:443 | w.sharethis.com | tcp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 108.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | dcba.popcash.net | udp |
| US | 8.8.8.8:53 | dcba.popcash.net | udp |
| FR | 142.250.178.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| FR | 142.250.179.105:80 | www.blogger.com | tcp |
| FR | 142.250.179.105:80 | www.blogger.com | tcp |
| US | 3.224.163.76:443 | dcba.popcash.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 104.22.75.171:443 | widgets.amung.us | udp |
| FR | 142.250.179.97:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 3.224.163.76:443 | dcba.popcash.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | cdn.mobicow.com | udp |
| US | 8.8.8.8:53 | cdn.mobicow.com | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | mediacbs.blogspot.com | udp |
| US | 8.8.8.8:53 | mediacbs.blogspot.com | udp |
| CA | 63.141.57.216:80 | cdn.mobicow.com | tcp |
| FR | 142.250.75.225:80 | mediacbs.blogspot.com | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| FR | 172.217.20.194:139 | pagead2.googlesyndication.com | tcp |
| CA | 63.141.57.216:80 | cdn.mobicow.com | tcp |
| US | 141.101.120.11:443 | t.dtscout.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| FR | 142.250.75.225:80 | mediacbs.blogspot.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.163.224.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.178.142:443 | apis.google.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 157.240.221.35:445 | www.facebook.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| GB | 99.86.114.51:443 | ws.sharethis.com | tcp |
| IE | 34.252.98.56:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | 11.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| GB | 99.86.114.51:443 | ws.sharethis.com | tcp |
| IE | 34.252.98.56:443 | l.sharethis.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 51.114.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.98.252.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| FR | 142.250.179.105:443 | resources.blogblog.com | tcp |
| GB | 3.162.20.13:443 | count-server.sharethis.com | tcp |
| FR | 142.250.179.105:443 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 13.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| FR | 142.250.178.129:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.178.129:443 | blogger.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| GB | 88.221.135.25:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 25.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c1.popads.net | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 89.187.167.38:445 | c1.popads.net | tcp |
| GB | 84.17.50.9:445 | c1.popads.net | tcp |
| US | 8.8.8.8:53 | c1.popads.net | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 157.240.27.27:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| DE | 157.240.27.27:139 | connect.facebook.net | tcp |
| GB | 88.221.135.34:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 34.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c2.popads.net | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| GB | 18.172.88.92:443 | ws.sharethis.com | tcp |
| US | 8.8.8.8:53 | 92.88.172.18.in-addr.arpa | udp |
| GB | 95.101.143.201:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
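A network table like the one above mixes resolver queries to 8.8.8.8, reverse (PTR) lookups of addresses already contacted, QUIC on UDP/443 and the actual connections, so reading it raw hides which hosts were really reached. The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses the markdown rows, drops the DNS and multicast noise, lists each domain with the unique endpoints it was reached on in first-seen order, and flags combinations worth a second look, in particular TCP to the SMB/NetBIOS ports 445 and 139 on internet addresses, as several rows in this table show. The sample rows are copied from this page; the classification labels are the example's own.

```python
"""Parse a sandbox "Network" table and separate signal from resolver noise.

Added example (not the report's or the vendor's code). SAMPLE_TABLE rows are
copied from the table on this page; the last row shows the tolerated case of
a protocol value that slid into the Domain column.
"""
import ipaddress
import re

SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| FR | 142.250.179.105:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | 105.179.250.142.in-addr.arpa | udp |
| GB | 143.244.38.136:80 | cdn.popcash.net | tcp |
| US | 3.224.163.76:443 | dcba.popcash.net | tcp |
| GB | 157.240.221.35:445 | www.facebook.com | tcp |
| DE | 157.240.27.27:139 | connect.facebook.net | tcp |
| FR | 142.250.179.105:443 | www.blogger.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|\s*$"
)


def parse_rows(table):
    """Turn the markdown rows into dicts with ip/port/proto split out."""
    rows = []
    for line in table.splitlines():
        m = ROW_RE.match(line)
        if not m or m.group("country").lower() == "country":  # skip non-rows and the header
            continue
        r = m.groupdict()
        # Tolerate a row whose protocol landed in the Domain column (empty Proto).
        if r["proto"] == "" and r["domain"].lower() in ("tcp", "udp"):
            r["proto"], r["domain"] = r["domain"], ""
        ip, _, port = r["dest"].rpartition(":")
        r["ip"], r["port"], r["proto"] = ip, int(port), r["proto"].lower()
        rows.append(r)
    return rows


def classify(row):
    """Coarse label for one row; the names are this example's own, not the report's."""
    ip = ipaddress.ip_address(row["ip"])
    if row["port"] == 53 and row["proto"] == "udp":
        return "ptr-lookup" if row["domain"].endswith(".in-addr.arpa") else "dns"
    if ip.is_multicast:                      # e.g. mDNS to 224.0.0.251:5353
        return "multicast"
    if row["port"] in (139, 445) and ip.is_global:
        return "smb-port-to-internet"        # SMB/NetBIOS ports on a public address
    if row["port"] == 443 and row["proto"] == "udp":
        return "quic"                        # HTTP/3; not an anomaly, but worth knowing
    return "connection"


NOISE = {"dns", "ptr-lookup", "multicast"}


def contacted_hosts(rows):
    """Domain -> sorted unique (ip, port, proto) for real connections, first-seen order."""
    hosts = {}
    for r in rows:
        if classify(r) in NOISE:
            continue
        hosts.setdefault(r["domain"], set()).add((r["ip"], r["port"], r["proto"]))
    return {d: sorted(v) for d, v in hosts.items()}


def findings(rows):
    """Rows a triager should eyeball, as (domain, destination, label)."""
    return [(r["domain"] or r["dest"], r["dest"], classify(r))
            for r in rows if classify(r) in ("smb-port-to-internet", "quic", "multicast")]


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_TABLE)
    for domain, endpoints in contacted_hosts(parsed).items():
        print(f"{domain:24s} {', '.join(f'{ip}:{port}/{proto}' for ip, port, proto in endpoints)}")
    for item in findings(parsed):
        print("FLAG", *item)
```

Pasting the whole table into SAMPLE_TABLE gives the ordered list of domains the detonation actually reached (the blogspot page, its widgets, then the popcash/popads/amung.us ad hosts), which is a far shorter pivot list than the raw rows; the SMB-port flags do not by themselves prove anything about those hosts, only that the port column deserves checking against the pcap.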