Analysis Overview
SHA256
d9878df8c966f8f857a3f368ab5291f1c74cf54f486d74700783a7878fcb88da
Threat Level: No (potentially) malicious behavior was detected
The file 8c675b123e257f05c834d7a149149177_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:04
Reported
2024-06-02 01:07
Platform
win7-20231129-en
Max time kernel
137s
Max time network
148s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452153" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002ee73194a7111a4ca82301c2caf4f31b0000000002000000000010660000000100002000000090c5871a1243cf43f5e164d4feb97e2f8ee60eb971930415b2e48e991bc14b40000000000e8000000002000020000000475c00957f870cc4fd23dd03622e1e3a950d5585e0303968135567dad2e1770590000000f69d07ccef1a44fa366f517e6f502fdcb583399ec7491bddc797b0a9d2b71b52e691bef8f4e70bfe5183564815bc799376658a5f0a98472fc5511a5035da5302b5b550806cb41a0d466b1d63ead68eff2150c526b3cbc1c1a0e333bc375393080222a2dc05812f56bd2d29e5534a72502fa5d1ad962b2606364cf596009ddf402c4d0ad1a0b9ffc401c028886f5b62a3400000008741ae1cf8a836601c7fee87031e2abb689412f3c63e04735b101174f1899510146b68e526f2c1aa40dc5fc49a7cd2db9b86b868a8d9463063ce520bc3a8a699 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19CE49F1-207C-11EF-BDEB-D6E40795ECBF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504815f788b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\chatroll.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002ee73194a7111a4ca82301c2caf4f31b00000000020000000000106600000001000020000000b717915037a1e69094a7b7966c6d2cb2c972ab9a1348476114d59b0bfc4ca046000000000e8000000002000020000000f4d8839fe358f37cc6db688204b967b8be2aa529395b5e27c7189454808442c92000000098e363d84fffe3d59ce0fe3dddc56acf262bf9b664738ae76c24fdad69919d9540000000b54395d7d9f53fa7ebe5472f47c8ec2f57755a0fef7c72530bb8f9c6410518901c492daaaa23472885e4ac68d80eeefed7f3a154f1d95da4af4ef698e257b628 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2180 wrote to memory of 1136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 1136 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c675b123e257f05c834d7a149149177_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | i.creativecommons.org | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | pingil.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| US | 172.67.1.191:443 | i.creativecommons.org | tcp |
| US | 172.67.1.191:443 | i.creativecommons.org | tcp |
| US | 54.161.222.85:80 | pingil.com | tcp |
| US | 54.161.222.85:80 | pingil.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | licensebuttons.net | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 169.47.242.252:80 | chatroll.com | tcp |
| US | 169.47.242.252:80 | chatroll.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 104.22.11.121:443 | licensebuttons.net | tcp |
| US | 104.22.11.121:443 | licensebuttons.net | tcp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 8.8.8.8:53 | dw3mgzt87vzb4.cloudfront.net | udp |
| GB | 18.244.183.77:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| GB | 18.244.183.77:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| GB | 18.244.183.77:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | themes.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | themes.googleusercontent.com | tcp |
| GB | 18.244.183.77:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | d167qii8h0pw75.cloudfront.net | udp |
| GB | 18.239.238.160:443 | d167qii8h0pw75.cloudfront.net | tcp |
| GB | 18.239.238.160:443 | d167qii8h0pw75.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d33tru5sm6wy0x.cloudfront.net | udp |
| GB | 143.204.178.152:443 | d33tru5sm6wy0x.cloudfront.net | tcp |
| GB | 143.204.178.152:443 | d33tru5sm6wy0x.cloudfront.net | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24
| MD5 | 3e455215095192e1b75d379fb187298a |
| SHA1 | b1bc968bd4f49d622aa89a81f2150152a41d829c |
| SHA256 | ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99 |
| SHA512 | 54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1135.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0b0f2c6f3c9db081a7b9a5acfb3a4bcc |
| SHA1 | 347fa67e4725ddd85b144706a5342a46ea4981c6 |
| SHA256 | 75b92d89bbeeb5b1ffd0cf4a6b6de379dde81a323c2a54001fdbaead6e76ff4a |
| SHA512 | ab0f43b62f454f6f8456e2eeebe341a649cdc5ed943d9e0b877bba75450b308d849d816ebc3990d6e700c2c8aca9f80aa7289e8173d0d41a71498c6982825cc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10771123c0a51fd99457b5b16684bc2e |
| SHA1 | 28d4600ff366634fcbd5bca4a49a438ddfefd25e |
| SHA256 | d800f2a63c0a3ae01058de1f017df4933446bdf9de1de03505846920b73aefe6 |
| SHA512 | 3859d50146c216cf5c1bbf5b5cb4850e39293de34b2b765cc8b0f9ba1f562288a2dec458109a1a7cc1f684a15432af2c39a36e895a54c4b9913576fd970113ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ec1b4ae8a7d8c5a891ea88c4768845c1 |
| SHA1 | f928b82223e290cd17af0614b7435dae5acb97d5 |
| SHA256 | 5bfe6c60903794aeac6f52c863f2d753ba589fc7bae7cff15c9ec108287f02f2 |
| SHA512 | a81062da78c75155d411a1c9ba364eb50d2379c264ecb525982b6323a78d87cf54447936dc43d8d388ccdd4cd0c79e830604375eebe08f2c2196605c28af76ab |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PHMYN4A4\jquery.easing[1].htm
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e45e619e897e3e3fb040001c59f1492a |
| SHA1 | 192c331e72c5e85908b2518c9fddc45bc0d79fac |
| SHA256 | 159933a20be82cac22c71e112cce4a3e7394cbc1dce3d1d8461b9ac689173594 |
| SHA512 | b30b8299082c4c78dc6652ddfe9026d26a1a0d7e1492011447a1a21259a8932e3ee6888700fb6e5ab92418dc11a4dc9dfc632bba55bb9edf3047681446d5aa84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adc5999b76ddd4fad9c27f4567d70657 |
| SHA1 | 1d34f16a06b9135a21fba293c54a0a04dc3254ee |
| SHA256 | c5d2310731c92ab0ed6c31e9493392963c524a5a1aab7187c51668ceb60f4829 |
| SHA512 | 1a0642bda09b69239e7782d193cf9c513a499d2c3addb6537890a84ea654e2de5dc4f131f3ea0f16916fa02e4708bb882216453d39176ca4f9893391c55675a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be2e12f33f83f85fe71a1d11c3858148 |
| SHA1 | 2eb5ac3c7ff483b630c186326c351fc7d731df9d |
| SHA256 | bf1922f4a41eeac04285db735cca345c85dbe78d0b670561422c3938bb61b647 |
| SHA512 | 61253546283e16340ea61d4e9109c70638ba08bd6f27fafba78072c96bcbf84aa98d35fed3f66a03755f903d1bb4d19b3b305215cf883bf0e482cd7ba7e92ca6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccb17cc74827aae777bb40d73ba3eb15 |
| SHA1 | 4e5f2ae2d0a88def0bc758e4967a544010f068fa |
| SHA256 | ce2ede08c1df08c462b486a13fbb702c6aaed9288403969ab23d1bc3c9ddade6 |
| SHA512 | 02d7ae6d8cfeec8fc26c150ce656201b109720f4c14c085087986651e58951b7742bac96f096f8e25de022bed8e83b08f2a7cb186b6ff82a01bd2b08cbcfe979 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 75e41137c825c3fa82d16d45226d1d81 |
| SHA1 | 991fce9be735e245540cb864ebe07aedb0427a5e |
| SHA256 | 92ffdc0cbe0706d5dc470dc64bb00994eaab732bd2837e64004c8f062342af36 |
| SHA512 | 617c49c0c446a8bf1125c08eb54b3ad173cfea713da2829314ffee0bfd7e94518b0a8651b523b640196c75067b8aa1bcc77d496329c63b03ff2c47b1644e1a75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 053c4463195b58f66eb670f70161534e |
| SHA1 | 17059e34e5c83df7adbf210ac594ea7eb3513f62 |
| SHA256 | a4987d32063ccca4aa0469288bd598918c0cc37ba1f9c55b607b07b6e39c57ea |
| SHA512 | 178262a4af1ba804671da496308b65591b7abf82fad380307b16d5c4f78e39f73b9fe9fb03a36a46cc7526fe494ba83a354898cc51784a04943fa30218fdc144 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95732c1107aa7e5c74ea72b78780dc79 |
| SHA1 | e1e646b4a582ac4f099bef00b75cbb0436f13c63 |
| SHA256 | 032b2e436865b03de13725cfce5fb5eadb55680b84d1680aef9f5fd42736a3b9 |
| SHA512 | 89cf5cbe442be8b8d3e6776d45417130c2b5d847bfcc47e45348b0bacf1dfe8f8f3131fe7ae0c5df71ebed98eff67b734844e0cdfea85e0a4b80d74a3def27f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a2f49173caf8fb3861bb894cf08b504 |
| SHA1 | 458dd8c7b739f03daed9be8de8ac88a7e506085f |
| SHA256 | 937518a14b734fd3d881c83c34e4038a82928e4ecca524650ae82697fb8a6097 |
| SHA512 | 28a584dca282a2147013451787cae6ad11cec7fda774c21dfe7c2b0f181068b78997db0603bbe4525eeceb1790a390fb1a88eed1781ee1becbc8850f71bda020 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39be8593829c5897ebf41f13f94bd2aa |
| SHA1 | f8cc2a7ba4c775077d1bfe29cc3042e52e7c3e8c |
| SHA256 | 71e3ed7168303aab02befa4d0fac30febb7ff2ff638e097b27281a2881ce03d6 |
| SHA512 | 60310ba92ed245a3fe6aa63b413b8ef273754084b64d7f5a42045da6b1c7a07becb798e1b882dea876c5331b95f2fe623bcffe8d84ccf87784ee73aa4e7b6a2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edf2d43963f3c32c1168a67277b8f985 |
| SHA1 | af2c935e9e4c170ab67473866ed6fa80a97e66c6 |
| SHA256 | fdb9dc9207a3f472689a218ecc2b7f6653c9edacf71b6cad4c38634cdd60617c |
| SHA512 | 3474ef8b610acf3ca5ad5b6e2b310044f55aede7c7861f1aaa08fc29bcf17916a8fe37dc7d3505cb2891fc7ac805eafd0668145e6ae6bac39f52e46bdd548d0b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\RWV2I3NW\chatroll[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16cdc924e371f24c25534e73ca9d3f21 |
| SHA1 | 2dba33ccc6c4301ee53b3f251d47d1a1def0b23b |
| SHA256 | 08b755d1ddbe6f5b1263f4c7a8774092902c1e0f723a24a93473e6ec3f38a037 |
| SHA512 | 16db0cbcea07808da75fe836bff9f7d5c8a99fe79ffd626a2477e1f0a9eff154adcc3164f49a73b2788266332b2b8bb8fb1e412beadb05c77742c6a20790389b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20b17f754a8cc61c27ecc02568b00b45 |
| SHA1 | bc9ca6880e54222ea30ae2bc5a65877196868640 |
| SHA256 | 2f77f6d5036f0948ec14865c6e8bb1a585f806f1558c7648bb68d6d648824463 |
| SHA512 | fed43e55beb0f9c09bd944466d1e46123ec634987ea430e2c1c0fbd7ec5d6f982a849b132fc285a85badad206cff453cfa4da34fee225163d35ee05409134704 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8675c6fb82c442525b5ab48dbdee754a |
| SHA1 | d40e942bf205e0dd190fc461e7644cb142511e4d |
| SHA256 | 8d940e077767850cc81f2d89108042b534ce80ac1e0831890ce0d4f1b16038a2 |
| SHA512 | cf8b835057746cbc3b8db61a1241ab10ee9209ca631749a1fb7a0d856f0f54c1c0e0b8dae62064120d3b3f22a9fe6b29bf0325fa95b2056635f226bf98f8e546 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64698418604ac59338f8a1e3919c1fd0 |
| SHA1 | 00268d331688b2f085636c350530cf40bc3527a9 |
| SHA256 | a5b3822e4b9d9f261ab72d4fa24ca1bf2b1fb2ac318242c6542e0439823c5454 |
| SHA512 | 2e295558a6a7eff8cce6c6988f514c2ddb33ce6148e0f473d44171859f332fab74d4f9d5b099112598f756e2f129f55f14bb0e68b0470636e2e3b3f5e977f61e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4494e55c1e157a3d22e224592b39e119 |
| SHA1 | 15347310cb954506578b8d796d3d978847809b22 |
| SHA256 | 1d477d1c07dbb53325f0587904549550f9d083a3a879dc3e4d1e931e3f204ef6 |
| SHA512 | 1234d8b055f81dcf0c4a5eec39231534ce6dd7a4d744dec82e7edecdb069594850c00a136d22d7091a7d608a7beb6d87b51ec9e0b258f02fc80bea67a984578d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb5bc089384048866e1c773ae127cba5 |
| SHA1 | e3fa446dca843d5836cb4dcc412a5fe0f154e618 |
| SHA256 | b21331d274c7d338b3a1faa69946bafa145962613624dcf6f28583473bfdc6f1 |
| SHA512 | 1ba92982d9c3a6dae2534bf400ff4c0d6c5291dcf5cdd32dce693557c9396f3751b50165923af20c44fc4d66eec4426dc0ec5a0b85d0b05f35ecfef46d095325 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | a0c4e1a5bd2e67c2cb86dbfcca554846 |
| SHA1 | 330b47eb439d60f1d2d986db95e5787e0c1b5d61 |
| SHA256 | a0a3223eba3beee29c4d9bf7fb8c879478386c6f138e3a978a1aa86cfa68d784 |
| SHA512 | e65ecac337bc69144564b3f223dacee1b15a48026defdeb2c2f9bb18b3c7bef7c6931cbbdb3d0e3d8651f79c9f1ed920cae4c1896be623d649eff767a50fe65c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c1631b4b0cd1d8339182eae1a597f36 |
| SHA1 | b9ab04fa2ff858f383dc29f9ede17cb12904c6ef |
| SHA256 | e44e0342da18a3b4e81da974aa52bc562004a936801afe817b031d9cb429b7c5 |
| SHA512 | f980ab41b606cd3aff47da8a24407253dff5270f2707e23b441d326b444c59fc5c9a2c8bfa3202d6c33d2b63fc9bc4509375daed4a8962d51836b06258f874f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6473e9fc0dcf4fd85eac750624e4b09a |
| SHA1 | 8ecb620bc0eb3c7d1ac3ce836f977460566774f9 |
| SHA256 | f634e0759fe9e72cf705e134f7a391ccbe234dd4d87720afdaac79a53b28b398 |
| SHA512 | 0a633432cd5b7e21bc817ed3c0e6b09538d782e6452c738ee1866c5eb3ef3653c234d978bbf2c07bdcd5b9c33e407fb0e1ad951606e5266a34c89f1c2300c75e |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8eb887bea165852cdefc78b65f4ed7c |
| SHA1 | 0bfc5b07028c987a6e04822e154e911c840ab10d |
| SHA256 | 61a0ff46aead16d5cacb394ee133d56ae86bbbf353a20a79473ddf2764c2b0e1 |
| SHA512 | 3305847b6b3bc74bd5c91a3c870317b803199ca659e90f44c254d54c83360790f7d2983254b2d12a029ff56ddea276003ded1c7c87255ac77a77189508fbfec9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7482a5e478ed4d8be7fa4c235e2206b |
| SHA1 | 5182ba7b6c3c903230f77c57abaadeff035f4a66 |
| SHA256 | 1e245014eeb603756fa7d71c7ac393ab0a6c8b7b0a02de549deebc3fa4627304 |
| SHA512 | 9be84ca03075174243d50396b7b9c2c10481aa7138824d7d6c56a802d0726c904032b3fb9920654cc0cd98162c998a4f33290953479405ee4bce2b1a88fa0165 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b176d8c5ef689035c794407ed74d36d8 |
| SHA1 | 35882d910100151258afcdf5e41377ccae10a25a |
| SHA256 | 385b1cb8fbbb7c81ce3357b4c6275d2db7b408e9bdad83c1b5822c931bd239dd |
| SHA512 | d9bcaae772cd0b4b5871106dc79489e910d78b306d6df92e3ce7a9396ec1d1122cbd986b3aa81b63b4a13dfe76dc9ef3057fe79a2f77181b16a025d51f6255d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc72d63ff3f007385ccc5aed95e2b1c7 |
| SHA1 | 55b360938d505bc1438b0539105fa44d36c5cabb |
| SHA256 | a11e02269762974e1c690c55596d405351c0508d889ca9e1426e5ddbfa875b32 |
| SHA512 | 7f6d300a9fbae5dee2ec3e6ed28643546c1104ceb07ca2a0de847e7b0b906fd675286fd07b2880bc8fccd8dc248fc29ec20f06cbab87da9a60077aa18e1d071d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 411b393c19c60fc73ad60ee4d2d89323 |
| SHA1 | 998db92e94091733ea8d596d213d1532a4c8ea0d |
| SHA256 | ce80e656c88b3df139cd549244640548579f316070acbeb125da787cd849ef4f |
| SHA512 | 0aa95d036024fc863284e82f91cb32f41bf092b7da9b53637f22ee5c41abc7fa9d702c02c6537bb9e43245ac575d45224d22616e8bf2f04e96bd7dafd04381f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1f0eaec570579656c8bfe8843320fdf |
| SHA1 | d59554d0a2a7c0fe769ac3f8c9f49fdaa96e47ef |
| SHA256 | 8b74e5c67a6f1c9bf1537418112ac933a1170f4a38e02abea3fbb5d53669c205 |
| SHA512 | ca3913aece669f87a80c74990c86ee0429523c44bcaee0f29b3fa68203b1c94280e1b16c9aa9ed8ec9843181bc32a2bb8738c16b1db40bdcad3b6b368effee3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1fc6820ef7b22a83d585f483dbe18c6 |
| SHA1 | 42d12ac659d5266c1769965c43c7aa1f57ba98d1 |
| SHA256 | 7662327a3e1ab6049b76ef633760fae9dfe7d9a7c58e56a953316866b4f15693 |
| SHA512 | 7d0c2a53994bef05a7f6d9cc653eddf10943f0f09a74552bed86a687553a6c9ed3552b388eac1c0b6858cafce18dd10807d6972d0da8e6841dcf9bf015151164 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:04
Reported
2024-06-02 01:07
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c675b123e257f05c834d7a149149177_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4464,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3876,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=760,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5336,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5332,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5900,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5820,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6128,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6288,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6076,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x244 0x4c8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6944,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 172.217.169.42:80 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| BE | 104.68.81.91:80 | s7.addthis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | i.creativecommons.org | udp |
| US | 8.8.8.8:53 | i.creativecommons.org | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 172.67.1.191:443 | i.creativecommons.org | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | licensebuttons.net | udp |
| US | 8.8.8.8:53 | licensebuttons.net | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | pingil.com | udp |
| US | 8.8.8.8:53 | pingil.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 104.22.11.121:443 | licensebuttons.net | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 104.22.11.121:443 | licensebuttons.net | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 169.47.242.252:80 | chatroll.com | tcp |
| US | 169.47.242.252:80 | chatroll.com | tcp |
| US | 8.8.8.8:53 | 48.169.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.81.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.1.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.11.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | pingil.com | udp |
| US | 3.18.7.81:80 | pingil.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.7.18.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.242.47.169.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.6.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 8.8.8.8:53 | dw3mgzt87vzb4.cloudfront.net | udp |
| US | 8.8.8.8:53 | dw3mgzt87vzb4.cloudfront.net | udp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 8.8.8.8:53 | dw3mgzt87vzb4.cloudfront.net | udp |
| GB | 18.244.183.227:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| GB | 18.244.183.227:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| GB | 18.244.183.227:443 | dw3mgzt87vzb4.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 227.183.244.18.in-addr.arpa | udp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| DE | 141.101.120.10:443 | t.dtscout.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | d167qii8h0pw75.cloudfront.net | udp |
| US | 8.8.8.8:53 | d167qii8h0pw75.cloudfront.net | udp |
| GB | 18.239.238.160:443 | d167qii8h0pw75.cloudfront.net | tcp |
| GB | 18.239.238.160:443 | d167qii8h0pw75.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d33tru5sm6wy0x.cloudfront.net | udp |
| US | 8.8.8.8:53 | d33tru5sm6wy0x.cloudfront.net | udp |
| GB | 143.204.178.152:443 | d33tru5sm6wy0x.cloudfront.net | tcp |
| GB | 143.204.178.152:443 | d33tru5sm6wy0x.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 152.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.238.239.18.in-addr.arpa | udp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 169.47.242.252:443 | chatroll.com | tcp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |
| US | 8.8.8.8:53 | chatroll.com | udp |