Malware Analysis Report

2024-10-23 17:22

Sample ID 240826-wgghtsxcph
Target c3887c73d92f7095655941ab27626354_JaffaCakes118
SHA256 a37fcdadcd2a2319b7bf7606825eb10945f66f5b7d7cb4306a80980414628386
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a37fcdadcd2a2319b7bf7606825eb10945f66f5b7d7cb4306a80980414628386

Threat Level: Known bad

The file c3887c73d92f7095655941ab27626354_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 17:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 17:53

Reported

2024-08-26 17:56

Platform

win7-20240704-en

Max time kernel

147s

Max time network

155s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3887c73d92f7095655941ab27626354_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430856702" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{25FDE6E1-63D4-11EF-845E-D61F2295B977} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3887c73d92f7095655941ab27626354_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 img4.imageshack.us udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 kozumiro.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 pipes.yahoo.com udp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.74:443 ajax.googleapis.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
GB 173.222.9.148:80 s7.addthis.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.74:443 ajax.googleapis.com tcp
GB 173.222.9.148:80 s7.addthis.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.97:80 2.bp.blogspot.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.179.105:443 img1.blogblog.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
US 172.67.69.193:80 www.widgeo.net tcp
US 172.67.69.193:80 www.widgeo.net tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.75.225:80 kozumiro.blogspot.com tcp
FR 142.250.75.225:80 kozumiro.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 38.99.77.17:80 img4.imageshack.us tcp
US 38.99.77.17:80 img4.imageshack.us tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 img35.imageshack.us udp
US 38.99.77.16:80 img35.imageshack.us tcp
US 38.99.77.16:80 img35.imageshack.us tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 172.67.69.193:443 www.widgeo.net tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.251.119:443 mc.yandex.ru tcp
RU 87.250.251.119:443 mc.yandex.ru tcp
US 172.67.69.193:443 www.widgeo.net tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 www6.cbox.ws udp
FR 142.250.178.142:443 apis.google.com tcp
US 108.181.41.161:80 www6.cbox.ws tcp
US 108.181.41.161:80 www6.cbox.ws tcp
US 8.8.8.8:53 arvigorothan.com udp
US 172.67.150.119:443 arvigorothan.com tcp
US 172.67.150.119:443 arvigorothan.com tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 108.181.41.161:80 www6.cbox.ws tcp
FR 216.58.214.163:443 o.pki.goog tcp
FR 216.58.214.163:443 o.pki.goog tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.71:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 159377bcecf81d1243f5615628ba7b61
SHA1 bf143d094d2b45dca1e94c83e5d230e953be5320
SHA256 4c4222452b82c41cf7390c4ad58d278fb8399929f892fa8f8b376dc818c406e7
SHA512 b3b55118a8542f12e93191e77e51f7af5a882a4a698d36657f7ec8a92f180a593715debdcef8aadfbe942ff808b7516280ff4d0491a95515d2141bb2b613b562

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 eecdf0a7dcf35d061d4f6ef3a799307f
SHA1 9204d28a1720eb5f94c303ed96a0b9330cceb647
SHA256 37e52308a382dfa7a2233b3a708175fe7945ed6c90605ec50c7171971c06f923
SHA512 370a6a75c2328eb5c37ba8817c145b571108644edb28ea84e8fc6a759006161cffad3db4f21d6d00b492894d1ea7f07653aeaa325f6f7eb74ea48e96aee8ca65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 379dbf36e434e466e73e3d8625c0aec1
SHA1 3133fdfd0d42e2fd1bda12b9757355353e393718
SHA256 f9b8718635525f11f5aba543be9b7e23277f932a3eb3c036cd82db5d5ac9de58
SHA512 37d06468def2a3c6bc63f4bb23c1b9436b64731381523f57d1db9ba4b934fe2f386124d210d7719816802ae8bee163da41a27daecd0671fd05077357992adf90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 375a2c2d434d6713c7fe0802eb9b61b4
SHA1 9047081ab6c3123436295b6208fedf9250f91f74
SHA256 13a1beec87fefaba947680810350b4d0b57fb93beeec3b3df18de7fe806025a1
SHA512 73c233dbf0cc8fcdf53d73d6852237fa5df1b40ba53e64fd542e077fc49835bb1db3eec28b3f92fc3de9af4445aa682ffa85851b000fe3d02582f7f5c3506e95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

MD5 a4ba82b5586bd57e209f4095d4e1ef92
SHA1 9e4a0ff503d376930b024fd060052391a031df52
SHA256 fc624fae0b7c21b0586c73f0cc2d82fe01b9c281c2e7ebc155142880b894457e
SHA512 aebec76ba18f55d67764a7e4c1859fe9ec004366fbf261c6bc4d585336fdc65481e39f8dbd7244d1fff7c94fd2fa09cc71d319217985a4288201fde94c18ef76

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCY0HBA7\cb=gapi[1].js

MD5 ed72d618fe48f6fc42c19a4b58511e72
SHA1 80a2da4af91d56ec81c7b672afaaaa72c83a4414
SHA256 5bfd37a756bc7772aa6c520102870dafe2d3b808c562412e30f122a7908f8ad0
SHA512 5378b71a33f67309f788b9fce32daea44051e7e9a6aa326bdd783456ee9eb2f4817aec2ad1e837afc1853acba59080b0114d32c040ea731ebd703f0a84dd7ae1

C:\Users\Admin\AppData\Local\Temp\CabFD52.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e787dc0629b445136b12028eb563f8c5
SHA1 a6704aec285c4939fc45ef11ea85a7780a24d11d
SHA256 fa30a714404e61bd26397567e71328aca68ee61eb840d28ea7c789e683a2488a
SHA512 7050c1ca5cda10ed5dee74a893a7cf3bf4d9e5fba4306c0e38cd966464bc5d8e67657c830c29ea729149d043447148eeaac96337b2853de7ff452f399f807863

C:\Users\Admin\AppData\Local\Temp\TarFE5F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 17eb278abf02638c2e81575afb99d99a
SHA1 4a26381ca5ba70d18342c6c31772a3c12b5f29bc
SHA256 117c7c637ad7ae1357debdcbf6cd32cf6ea80a82008f5829cdb73849ad06dd1c
SHA512 7c933f3b8dc6ef9efe0482faee532b52dc6730c27449f5e089e0d19054b3d16880c807dcd259b61307a77e2c9ea135c0352878110619fd078886b4afa7fd3cc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 076462b24d6019ad37ad40ed77cb2cb8
SHA1 3279a5ee90f33ac18bc5c1f74c442242bf1eb471
SHA256 c2a140cb14d6bc9829b3a4507e8fb12a6c39d4ba050506b6654a6ed5af1516ab
SHA512 f69e498a2ad6d459e5d6a8671da8afb84d7737d3a3d1e73f50290e6b352cb0b40f57f5b635654300fe9089865d812e182ef54ecb188e85663c7222a4a5b6338c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7H6XY0V\1380534674-postmessagerelay[1].js

MD5 c1d4d816ecb8889abf691542c9c69f6a
SHA1 27907b46be6f9fe5886a75ee3c97f020f8365e20
SHA256 01a956fa0b3ea8cb90d7032608512bc289c4170bf92759352e40062d5be2946f
SHA512 f534f057e46998bd1ff2c423ad2cf04a880c4a5259e95aee5c6ae34ce7121ccd07ad1bce5d4c3a51ad04f7411b0625da78808326b13d2aeefec502988e113113

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7H6XY0V\rpc_shindig_random[1].js

MD5 45a63d2d3cfdd75f83979bb6a46a0194
SHA1 d8e35a59be139958da4c891b1ef53c2316462583
SHA256 f7067f1d01d9c60618becbe4df3d61778244108459226e2e8a818cfbc2c18ae6
SHA512 cea9c9eb8ff0c43048ff371f135148438fc1a2614bf8bbc3518cf430c37778edba3452ce92b4236679cd1a4123af0ca320f530b1c20cedd0883b545209c048cc

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 17:53

Reported

2024-08-26 17:56

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3887c73d92f7095655941ab27626354_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c3887c73d92f7095655941ab27626354_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4920,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4932,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5412,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5588,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5596,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6124,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6352,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6552,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6556,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6916,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5916,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 img4.imageshack.us udp
US 8.8.8.8:53 img4.imageshack.us udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 13.107.6.158:443 business.bing.com tcp
FR 142.250.201.170:443 ajax.googleapis.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 38.99.77.16:80 img4.imageshack.us tcp
US 76.223.54.146:80 yourjavascript.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 cdn-images.mailchimp.com udp
US 8.8.8.8:53 www.microsoft.com udp
FR 52.84.174.127:445 cdn-images.mailchimp.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:443 www.microsoft.com tcp
US 38.99.77.16:80 img4.imageshack.us tcp
US 13.107.6.158:443 business.bing.com tcp
FR 142.250.179.105:443 www.blogger.com udp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
FR 142.250.179.97:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 170.201.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 146.54.223.76.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 16.77.99.38.in-addr.arpa udp
US 8.8.8.8:53 234.193.25.184.in-addr.arpa udp
GB 173.222.9.148:80 s7.addthis.com tcp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 kozumiro.blogspot.com udp
US 8.8.8.8:53 kozumiro.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 pipes.yahoo.com udp
US 8.8.8.8:53 pipes.yahoo.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 feedjit.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 www.widgeo.net udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.75.225:80 kozumiro.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 pipes.yahoo.com udp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.105:80 img1.blogblog.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 172.67.69.193:443 www.widgeo.net udp
US 8.8.8.8:53 www.microsoft.com udp
GB 173.222.9.148:443 s7.addthis.com tcp
GB 92.123.142.200:443 bzib.nelreports.net tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
FR 142.250.178.129:443 lh5.googleusercontent.com tcp
FR 142.250.179.97:80 4.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
FR 52.84.174.24:445 cdn-images.mailchimp.com tcp
FR 52.84.174.32:445 cdn-images.mailchimp.com tcp
FR 52.84.174.125:445 cdn-images.mailchimp.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 cdn-images.mailchimp.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
FR 52.84.174.127:139 cdn-images.mailchimp.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 148.9.222.173.in-addr.arpa udp
US 8.8.8.8:53 193.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 225.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
GB 95.101.129.194:443 www.bing.com udp
US 8.8.8.8:53 194.129.101.95.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www6.cbox.ws udp
US 8.8.8.8:53 www6.cbox.ws udp
US 8.8.8.8:53 www6.cbox.ws udp
US 8.8.8.8:53 www6.cbox.ws udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 img35.imageshack.us udp
US 8.8.8.8:53 img35.imageshack.us udp
FR 142.250.178.142:443 apis.google.com udp
US 104.26.10.22:443 www.widgeo.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 57.144.120.1:445 www.facebook.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 108.181.41.161:80 www6.cbox.ws tcp
US 108.181.41.161:80 www6.cbox.ws tcp
US 108.181.41.161:80 www6.cbox.ws tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 38.99.77.17:80 img35.imageshack.us tcp
US 104.26.11.22:445 www.widgeo.net tcp
US 8.8.8.8:53 arvigorothan.com udp
US 8.8.8.8:53 arvigorothan.com udp
FR 142.250.201.162:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 38.99.77.17:80 img35.imageshack.us tcp
US 8.8.8.8:53 www.blogger.com udp
US 104.21.30.34:443 arvigorothan.com udp
US 108.181.41.161:80 www6.cbox.ws tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
FR 142.250.179.110:80 developers.google.com tcp
US 8.8.8.8:53 woubugophaum.net udp
US 8.8.8.8:53 woubugophaum.net udp
US 8.8.8.8:53 22.10.26.104.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 34.30.21.104.in-addr.arpa udp
US 8.8.8.8:53 161.41.181.108.in-addr.arpa udp
US 8.8.8.8:53 84.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 17.77.99.38.in-addr.arpa udp
NL 139.45.197.242:443 woubugophaum.net tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
IE 74.125.193.84:443 accounts.google.com udp
FR 142.250.178.142:443 apis.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
US 8.8.8.8:53 developers.google.com udp
FR 216.58.214.163:443 ssl.gstatic.com tcp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 yonmewon.com udp
US 8.8.8.8:53 yonmewon.com udp
FR 142.250.179.110:443 developers.google.com tcp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.179.105:443 www.blogger.com udp
US 8.8.8.8:53 sr7pv7n5x.com udp
US 8.8.8.8:53 sr7pv7n5x.com udp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:443 yonmewon.com tcp
NL 212.117.190.201:443 sr7pv7n5x.com tcp
US 172.67.69.193:445 www.widgeo.net tcp
US 104.26.10.22:445 www.widgeo.net tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
FR 142.250.179.97:443 2.bp.blogspot.com tcp
FR 142.250.179.97:443 2.bp.blogspot.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.178.129:443 lh3.googleusercontent.com tcp
FR 142.250.179.97:443 2.bp.blogspot.com tcp
FR 142.250.179.97:443 2.bp.blogspot.com tcp
FR 142.250.179.97:443 2.bp.blogspot.com tcp
FR 142.250.179.97:443 2.bp.blogspot.com tcp
FR 216.58.214.162:139 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 110.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 242.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 8.195.45.139.in-addr.arpa udp
US 8.8.8.8:53 201.190.117.212.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh6.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 nizamgadgetstore.blogspot.com udp
US 8.8.8.8:53 nizamgadgetstore.blogspot.com udp
FR 142.250.179.105:443 www.blogger.com udp
FR 142.250.178.129:443 lh4.googleusercontent.com udp
FR 142.250.178.129:443 lh4.googleusercontent.com udp
FR 142.250.178.129:443 lh4.googleusercontent.com udp
FR 142.250.178.129:443 lh4.googleusercontent.com udp
FR 142.250.75.225:80 nizamgadgetstore.blogspot.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
GB 95.101.129.194:443 www.bing.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 77.239.69.13.in-addr.arpa udp
GB 95.101.129.208:443 www.bing.com tcp
US 8.8.8.8:53 208.129.101.95.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com udp
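The rows above are the flattened network table for this detonation: source country, remote address:port, the hostname the sandbox associated with the flow (empty for the multicast row), and transport. Rows to 8.8.8.8:53 are the sandbox resolver's DNS lookups rather than connections to the named host, and the in-addr.arpa rows are reverse lookups of addresses that were already contacted. The following is an added example, not part of the report: it parses a subset of rows copied from the table above, drops the PTR noise, separates lookups from connections, suppresses a short list of well-known infrastructure (that allowlist is this example's assumption and would be tuned per environment), and lists the remaining hosts with the addresses they resolved to, plus any connection on a port other than 80 or 443 for review. The report does not attribute individual hosts to the sample, so the output is a triage list for an analyst, not a confirmed IOC set.

```python
"""Triage a flattened sandbox network table (added example, not from the report).

Row format, as in the table above:  <CC|N/A> <ip>:<port> [<host>] <tcp|udp>
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}|N/A)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?:(?P<host>[A-Za-z0-9.-]+)\s+)?"      # absent for the mDNS multicast row
    r"(?P<proto>tcp|udp)$"
)

# Subset of rows copied from the report's network table.
SAMPLE_ROWS = """\
US 8.8.8.8:53 www.widgeo.net udp
US 8.8.8.8:53 194.129.101.95.in-addr.arpa udp
US 104.26.10.22:443 www.widgeo.net udp
US 104.26.11.22:445 www.widgeo.net tcp
US 8.8.8.8:53 arvigorothan.com udp
US 104.21.30.34:443 arvigorothan.com udp
NL 139.45.197.242:443 woubugophaum.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 sr7pv7n5x.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 216.58.214.162:139 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
GB 95.101.129.194:443 www.bing.com tcp
"""

# Assumption of this example: infrastructure suppressed from the candidate list.
DEFAULT_ALLOW = (
    "google.com", "googleusercontent.com", "gstatic.com", "googlesyndication.com",
    "blogger.com", "blogspot.com", "bing.com", "bing.net", "facebook.com", "yandex.ru",
)
EXPECTED_PORTS = {80, 443}


@dataclass(frozen=True)
class Row:
    cc: str
    ip: str
    port: int
    host: str | None
    proto: str

    @property
    def is_dns_query(self) -> bool:
        # UDP/53 rows are the sandbox resolver looking up <host>, not a flow to it.
        return self.proto == "udp" and self.port == 53

    @property
    def is_ptr(self) -> bool:
        return self.host is not None and self.host.endswith(".in-addr.arpa")


@dataclass
class Triage:
    candidates: dict[str, list[str]] = field(default_factory=dict)  # host -> IPs connected to
    dns_only: set[str] = field(default_factory=set)                 # looked up, never connected
    odd_ports: list[tuple[str, str, int, str]] = field(default_factory=list)
    ptr_lookups: int = 0
    unattributed: list[Row] = field(default_factory=list)           # flows with no hostname


def parse_rows(text: str) -> list[Row]:
    rows: list[Row] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        rows.append(Row(m["cc"], m["ip"], int(m["port"]), m["host"], m["proto"]))
    return rows


def allowed(host: str, allow: tuple[str, ...]) -> bool:
    return any(host == s or host.endswith("." + s) for s in allow)


def triage(rows: list[Row], allow: tuple[str, ...] = DEFAULT_ALLOW) -> Triage:
    t = Triage()
    queried: set[str] = set()
    connected: dict[str, set[str]] = defaultdict(set)
    for r in rows:
        if r.host is None:
            t.unattributed.append(r)
        elif r.is_ptr:
            t.ptr_lookups += 1
        elif r.is_dns_query:
            queried.add(r.host)
        else:
            connected[r.host].add(r.ip)
            if r.port not in EXPECTED_PORTS:
                t.odd_ports.append((r.host, r.ip, r.port, r.proto))
    for host, ips in connected.items():
        if not allowed(host, allow):
            t.candidates[host] = sorted(ips)
    t.dns_only = {h for h in queried - set(connected) if not allowed(h, allow)}
    return t


if __name__ == "__main__":
    result = triage(parse_rows(SAMPLE_ROWS))
    for host, ips in sorted(result.candidates.items()):
        print(f"{host:32} {', '.join(ips)}")
    print("lookup only:", sorted(result.dns_only))
    print("non-80/443 flows:", result.odd_ports)
    print("PTR rows dropped:", result.ptr_lookups)
```

Running it against the subset lists www.widgeo.net with both Cloudflare-range addresses it was reached on, arvigorothan.com, woubugophaum.net and my.rtmark.net as hosts to review, sr7pv7n5x.com as looked up but not connected in this subset, and the 445/139 flows as ports worth a second look before anything here is promoted to a blocklist.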

Files

N/A