Analysis Overview
SHA256
63914078eb1adef6abbaeb78158b7dd415c23ff1c09f14fafcfc3bfe24bc0076
Threat Level: Shows suspicious behavior
The file a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118 (an .html document, opened with iexplore.exe in the behavioral run; see Processes) was found to be: Shows suspicious behavior. Every signature below is attributed to Internet Explorer itself or to FP_AX_CAB_INSTALLER64.exe, the installer unpacked from swflash[1].cab into ICD1.tmp, so the verdict describes what the page caused the browser to do (including the Flash Player ActiveX installation it triggered), not a standalone executable.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Drops file in Windows directory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:01
Reported
2024-06-13 05:04
Platform
win7-20240220-en
Max time kernel
144s
Max time network
144s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Downloaded Program Files\swflash64.inf | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File opened for modification | C:\Windows\Downloaded Program Files\SETF4C.tmp | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| File created | C:\Windows\Downloaded Program Files\SETF4C.tmp | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C57CDE1-2942-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308636d54ebdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416780" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e5d48293aeff540ae36af0867aed69500000000020000000000106600000001000020000000d88984960cf79327b812e4399ee3c8d73f111b5cfae782914d33b6155ec28065000000000e8000000002000020000000bef679027b8fe7d72d244f26da156b77cbbcb0cf371515cc054004b4e7e0d8e02000000039e20dc8f71d5965fba1de4208f0ad73dacde492bd0d027e05026e3c6dbaa039400000007b39377b4af3b0764610ec673df677e9f2a375c12b4a972d52704458fb565cce7a3ead81297440a2d7c7118a13a0ba048a1df60d4002d66e0b8b95bbe3272d4b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118.html |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2 |
| C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe | C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275466 /prefetch:2 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| US | 8.8.8.8:53 | stuff.pyzam.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 54.214.116.219:80 | stuff.pyzam.com | tcp |
| US | 54.214.116.219:80 | stuff.pyzam.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | download.macromedia.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 2.22.133.225:80 | download.macromedia.com | tcp |
| GB | 2.22.133.225:80 | download.macromedia.com | tcp |
| US | 8.8.8.8:53 | fpdownload2.macromedia.com | udp |
| US | 2.20.12.81:80 | fpdownload2.macromedia.com | tcp |
| US | 2.20.12.81:80 | fpdownload2.macromedia.com | tcp |
| US | 8.8.8.8:53 | get3.adobe.com | udp |
| NL | 23.62.61.97:443 | get3.adobe.com | tcp |
| NL | 23.62.61.97:443 | get3.adobe.com | tcp |
| US | 8.8.8.8:53 | bloggerblogwidgets.googlecode.com | udp |
| US | 8.8.8.8:53 | www.wieistmeineip.de | udp |
| US | 8.8.8.8:53 | cur.cursors-4u.net | udp |
| US | 8.8.8.8:53 | safir85.ucoz.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 24work.ucoz.com | udp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| GB | 216.58.204.74:80 | ajax.googleapis.com | tcp |
| NL | 142.250.102.82:80 | bloggerblogwidgets.googlecode.com | tcp |
| NL | 142.250.102.82:80 | bloggerblogwidgets.googlecode.com | tcp |
| DE | 52.28.191.41:80 | www.wieistmeineip.de | tcp |
| DE | 52.28.191.41:80 | www.wieistmeineip.de | tcp |
| RU | 193.109.247.16:80 | 24work.ucoz.com | tcp |
| RU | 193.109.247.16:80 | 24work.ucoz.com | tcp |
| RU | 193.109.247.16:80 | 24work.ucoz.com | tcp |
| RU | 193.109.247.16:80 | 24work.ucoz.com | tcp |
| DE | 52.28.191.41:443 | www.wieistmeineip.de | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:80 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | blogergadgets.googlecode.com | udp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | badge.facebook.com | udp |
| US | 8.8.8.8:53 | goo.gl | udp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| NL | 142.250.102.82:80 | blogergadgets.googlecode.com | tcp |
| NL | 142.250.102.82:80 | blogergadgets.googlecode.com | tcp |
| GB | 142.250.187.238:80 | goo.gl | tcp |
| GB | 142.250.187.238:80 | goo.gl | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| GB | 163.70.151.23:443 | badge.facebook.com | tcp |
| GB | 142.250.187.238:443 | goo.gl | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | s09.flagcounter.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 206.221.176.133:80 | s09.flagcounter.com | tcp |
| US | 206.221.176.133:80 | s09.flagcounter.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| GB | 163.70.151.35:443 | m.facebook.com | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 8.8.8.8:53 | googledrive.com | udp |
| GB | 172.217.169.65:443 | googledrive.com | tcp |
| GB | 172.217.169.65:443 | googledrive.com | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| US | 96.43.128.66:443 | cur.cursors-4u.net | tcp |
| NL | 23.62.61.97:443 | get3.adobe.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| HR | 65.9.19.26:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 8.8.8.8:53 | www.gmodules.com | udp |
| US | 8.8.8.8:53 | bd.blogcopy.com | udp |
| US | 8.8.8.8:53 | i.creativecommons.org | udp |
| US | 8.8.8.8:53 | images.dmca.com | udp |
| US | 8.8.8.8:53 | services.nexodyne.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| US | 8.8.8.8:53 | hosting.gmodules.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| GB | 143.244.38.136:80 | images.dmca.com | tcp |
| US | 104.20.6.134:80 | i.creativecommons.org | tcp |
| US | 104.20.6.134:80 | i.creativecommons.org | tcp |
| US | 172.67.132.158:80 | services.nexodyne.com | tcp |
| US | 172.67.132.158:80 | services.nexodyne.com | tcp |
| GB | 216.58.212.193:80 | www.gmodules.com | tcp |
| GB | 216.58.212.193:80 | www.gmodules.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:80 | img1.blogblog.com | tcp |
| GB | 142.250.179.225:80 | hosting.gmodules.com | tcp |
| GB | 142.250.179.225:80 | hosting.gmodules.com | tcp |
| GB | 172.217.16.225:80 | lh5.googleusercontent.com | tcp |
| GB | 172.217.16.225:80 | lh5.googleusercontent.com | tcp |
| US | 172.67.132.158:443 | services.nexodyne.com | tcp |
| US | 8.8.8.8:53 | licensebuttons.net | udp |
| US | 172.67.7.63:443 | licensebuttons.net | tcp |
| US | 172.67.7.63:443 | licensebuttons.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | weather.yahoo.com | udp |
| US | 8.8.8.8:53 | slidesms.com | udp |
| US | 8.8.8.8:53 | yourjavascript.com | udp |
| NL | 142.250.102.82:80 | blogergadgets.googlecode.com | tcp |
| US | 8.8.8.8:53 | radarurl.com | udp |
| US | 8.8.8.8:53 | cdn.wibiya.com | udp |
| US | 8.8.8.8:53 | wizpert.com | udp |
| US | 8.8.8.8:53 | l.blogcopy.com | udp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| IE | 87.248.100.208:80 | weather.yahoo.com | tcp |
| US | 13.248.169.48:80 | yourjavascript.com | tcp |
| IE | 87.248.100.208:80 | weather.yahoo.com | tcp |
| US | 104.21.95.49:80 | cdn.wibiya.com | tcp |
| US | 104.21.95.49:80 | cdn.wibiya.com | tcp |
| US | 162.159.134.42:80 | wizpert.com | tcp |
| US | 162.159.134.42:80 | wizpert.com | tcp |
| DE | 159.69.186.9:80 | slidesms.com | tcp |
| DE | 159.69.186.9:80 | slidesms.com | tcp |
| IE | 87.248.100.208:443 | weather.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.tealdit.com | udp |
| US | 172.67.174.110:80 | www.tealdit.com | tcp |
| US | 172.67.174.110:80 | www.tealdit.com | tcp |
| US | 8.8.8.8:53 | guce.yahoo.com | udp |
| US | 172.67.174.110:443 | www.tealdit.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| IE | 34.249.207.156:443 | guce.yahoo.com | tcp |
| IE | 34.249.207.156:443 | guce.yahoo.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | track.tkbo.com | udp |
| US | 172.67.223.64:80 | track.tkbo.com | tcp |
| US | 172.67.223.64:80 | track.tkbo.com | tcp |
| US | 8.8.8.8:53 | consent.yahoo.com | udp |
| IE | 34.251.70.36:443 | consent.yahoo.com | tcp |
| IE | 34.251.70.36:443 | consent.yahoo.com | tcp |
| US | 8.8.8.8:53 | track.vcdc.com | udp |
| DE | 167.233.8.197:80 | track.vcdc.com | tcp |
| DE | 167.233.8.197:80 | track.vcdc.com | tcp |
| US | 8.8.8.8:53 | track.auroraveil.bid | udp |
| US | 104.21.87.224:443 | track.auroraveil.bid | tcp |
| US | 104.21.87.224:443 | track.auroraveil.bid | tcp |
| US | 8.8.8.8:53 | radarurl.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
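The Network table above lists every packet the sandbox saw, so most rows are repeats and a good share of it is the VM's own background traffic. The following script is an added example, not part of the Triage report: it parses rows in the table's format, separates DNS lookups from connections, deduplicates by (domain, IP, port), and buckets what is left so the plaintext-HTTP fetches (the macromedia.com download hosts are among them) stand out from TLS traffic and from browser/OS housekeeping. The sample rows are a subset copied from the table; the list of background-host suffixes is an assumption made here.

```python
# Added example (not part of the Triage report): collapse the Network table
# above into a deduplicated IOC list and bucket it the way a triage analyst
# reads it. The sample rows are copied from the report; the background-host
# suffix list is an assumption made here for illustration.
import re

# Subset of the Network table above (constructed sample, same row format).
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | feedjit.com | udp |
| US | 54.214.116.219:80 | stuff.pyzam.com | tcp |
| US | 54.214.116.219:80 | stuff.pyzam.com | tcp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| GB | 2.22.133.225:80 | download.macromedia.com | tcp |
| US | 2.20.12.81:80 | fpdownload2.macromedia.com | tcp |
| US | 2.20.12.81:80 | fpdownload2.macromedia.com | tcp |
| NL | 23.62.61.97:443 | get3.adobe.com | tcp |
| RU | 193.109.247.16:80 | 24work.ucoz.com | tcp |
| RU | 193.109.247.16:80 | 24work.ucoz.com | tcp |
| US | 104.21.87.224:443 | track.auroraveil.bid | tcp |
| HR | 65.9.19.26:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[A-Z]{2})\s*\|\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s*\|"
    r"\s*(?P<domain>[^|\s]+)\s*\|\s*(?P<proto>udp|tcp)\s*\|$"
)

# Traffic the sandbox VM or the browser generates on its own (IE telemetry,
# OCSP/AIA fetches). Assumed suffix list; not something the report states.
BACKGROUND_SUFFIXES = (".microsoft.com", ".amazontrust.com", ".identrust.com", ".lencr.org")


def parse_rows(text):
    """Return one dict per well-formed table row; anything else is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def summarize(text):
    """Separate DNS lookups from connections, drop repeated rows, and bucket
    each unique (domain, ip, port) into: background noise, plaintext HTTP
    (port 80, content can be tampered with in transit), and other/TLS."""
    resolved, connected = set(), {}
    for r in parse_rows(text):
        if r["proto"] == "udp" and r["port"] == 53:
            resolved.add(r["domain"])
        else:
            connected.setdefault((r["domain"], r["ip"], r["port"]), r["cc"])
    contacted = {domain for domain, _, _ in connected}
    out = {
        "resolved_only": sorted(resolved - contacted),  # looked up, never connected
        "background": [],
        "plaintext_http": [],
        "https": [],
    }
    for (domain, ip, port), cc in connected.items():
        entry = f"{domain} -> {ip}:{port} ({cc})"
        if domain.endswith(BACKGROUND_SUFFIXES):
            out["background"].append(entry)
        elif port == 80:
            out["plaintext_http"].append(entry)
        else:
            out["https"].append(entry)
    return out


if __name__ == "__main__":
    for bucket, entries in summarize(SAMPLE_ROWS).items():
        print(f"{bucket} ({len(entries)})")
        for e in entries:
            print("   ", e)
```

Feed it the whole table and the "resolved_only" bucket shows domains the page referenced but never reached (feedjit.com and radarurl.com in the full table), while "plaintext_http" is where to look for content that could have been swapped in transit.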
Files
C:\Users\Admin\AppData\Local\Temp\Cab9B3.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar9C6.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b3b53d5e3b47c8f2a96ef5fd6d0ca96 |
| SHA1 | e53f4e08437b079ec40a093943328dc563c9d132 |
| SHA256 | 9599356d865f3b64c6399c4963f8d3bbbd98b0496f08c8e49af81c9b0b9bb977 |
| SHA512 | ffe6cc7dbf07699a8cc8fda072d9c85a5482841781478291ace7508533e2874cc793f79ebbb2cdee2dd7a05fca757647226fae54331c56137ea733699f9f65ef |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\swflash[1].cab
| MD5 | b3e138191eeca0adcc05cb90bb4c76ff |
| SHA1 | 2d83b50b5992540e2150dfcaddd10f7c67633d2c |
| SHA256 | eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b |
| SHA512 | 82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4 |
C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf
| MD5 | 60c0b6143a14467a24e31e887954763f |
| SHA1 | 77644b4640740ac85fbb201dbc14e5dccdad33ed |
| SHA256 | 97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58 |
| SHA512 | 7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f |
\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
| MD5 | 47f240e7f969bc507334f79b42b3b718 |
| SHA1 | 8ec5c3294b3854a32636529d73a5f070d5bcf627 |
| SHA256 | c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11 |
| SHA512 | 10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 402cfc5266b17362e7a0756cce6346a6 |
| SHA1 | 8cfb83f5654ceb2b2c841a8a30909e45303dbb6c |
| SHA256 | c298f4939f38e6361eb4146f77688d014d0bb86c51904f506b6b0a8f4124fe9c |
| SHA512 | 981fe6871914b5e19bef3e03289b8293050150ac4ec7d7f13072d4583a00e71fb90a4e86ec9dca6e18df799395550d0a99a6e367bcc5ae1a8376fd9ec905297e |
C:\Users\Admin\AppData\Local\Temp\TarFAD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2d95825123bed8e3bab90be6f3f8ef7 |
| SHA1 | ea2c92a81bfa17485d36134abcc47d704e473326 |
| SHA256 | 28219766e5e2dfb44cae9b5812c02ea50b90edca799274ac27a790b5899d216c |
| SHA512 | d7180c79404bbe898b390e60a681c88fb441ab840dbed3d33d491f5fc53d705a79417ad1197ac7bf7e6cf245068b3a30c03bbda43d4ed8e322552672f83ed990 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4db76121091248aa0299281c7ff1a77 |
| SHA1 | aa9cb9bca72e5ffd8c4b1da01d1b4a77ccb12631 |
| SHA256 | 85ae4b395900b93e29a407d2387aebd7d152d7106721c31f7ddeb7a3d3b664f8 |
| SHA512 | afd0750cc562c94e4c42f6e66962449c7e521ea3ee20cb98a199711ebb5fa545fe723e88f4b5cfcd295ed1e0f858634470b139e1f581d2941ab55543a6f8e296 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d35b872cd0c54f31fa2c6f617773b93 |
| SHA1 | f8e85c2cea963e73d9aba61d82d1c688cecea063 |
| SHA256 | 405733d15ad83e899ad52b2d97ed6c9bee9ab9785bd6a758f0c679e43f489339 |
| SHA512 | c5df8109194a2e678149926d598095849069ad85074097bf241ac8677444c22a1ab994815e3184bcae6f34ce45d6b946e1416b8ecec96e10abcc9e453d851fac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c15a3981244fb3fbbe0e6a5f601be5d7 |
| SHA1 | 27f48a27675add900dc94391458b26a46ee310f7 |
| SHA256 | b07aedb7bcd61cb4328c047fc8ecca95e58196ceadf3f1536632e2cb7c3d52bc |
| SHA512 | c46daeea81ff68be39ffe624e7e5934c7bba446c140dbea8488be07b8812a706e4b1a434cc8f4ae974ef7928a03b0ae7d10749428f172130e06bd7e061da559b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e12c3f49bc531301dcf6cb5952c4f86c |
| SHA1 | 44e7e3bb35d13ba1a7c5e9a7156a878e20d89d16 |
| SHA256 | 17bb1ed7d8145f0904e8f9e007dbb542371aa9f17330c0346c7e056f1c92ac0c |
| SHA512 | cc24f979d11d66c80f51eadf10f16ee501dfa88420ba8d74e2365c31af4aff3cf91c17516798558e7308fb7be16c192ce0815b0a8b8af3087c21cc9a323cb55b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be709614afb728ca53de86abae4ae0b7 |
| SHA1 | cd94c11d7dafd60327c2debffe68b602e84cc9f0 |
| SHA256 | 3fb42ebe151ea4d1ea5c8c34482f7714159424eddb681c8426fb7e44ad091ce7 |
| SHA512 | 4fbfe03ef38b66a16fcbb94a1c5e5041a144669603dba208548211b2150baf4554ef1e9f08863edb501e67d87e2e178e7a81b60d013b1b03ab185c289209a906 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14e85fc3713c9e2d0797209afaa664ec |
| SHA1 | 417e4433dbac657929d7cf1b110a602ead12007d |
| SHA256 | 2f1066adff1170a6fffeb61a0b943364599a1fd8f5618af5713f7cee445db898 |
| SHA512 | 4b0941ff13261ebe865d8dba084c621474b08e137dcc8838a60dbee82265a5a66452400436d6fb223151a974bcc672d5f062ad71b7cf01f732516e03b349b170 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | b3dd9085c3ff4d2b7bf6b658cb84c350 |
| SHA1 | 04e4471b6b719d69380950d060d8b8dfc1c7314d |
| SHA256 | 21a5f5d92372b9d201ae76f31eec590f7a6ae39a589c0f6750b79d2d14dbda0f |
| SHA512 | 04c3c5a29b2b3bf7a736d72737cf0139de16f3c8413d189208656d10d755f226dcc12f4a61381cd98295438eefc1efa9c6ad019c68cb352efd951292010feb43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d917e5afa7f69280ec04c453fb1d043 |
| SHA1 | 910b5d1bb4a74690d72baa6952d03d17aba2ef32 |
| SHA256 | eac5788b8cdd49e23b76ac97de449a5c4e2e43fe7e21a585f16b236fbf23c4d0 |
| SHA512 | 688a3ae94b716072d1fff639acdd5090a97f27864fe10b41d19399ee4be8f0a3f1eb9969f33790a0ed90dc402f5cad96aebb9e80aaba481004948293eac1015a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdd0b83b0630e7be3715add263e66c26 |
| SHA1 | 8c5b049897a9658add4374e70567386072059087 |
| SHA256 | 18abde47fd5e3a1fe8a0c36ce272ebb23b140f12311d845c27bbf55de5b0cb9e |
| SHA512 | 8ff7f6d1f4a5106801e23712c8ea6f8a68846e1369774ef4b84911f9739a90c45ed101ac300c30b84a492520cddbbae285364d57c247f53060a3b695f5d47c3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ccf125958a162b90fdd0cb5ca9f6dc1 |
| SHA1 | b3e29fd130e327871aa29c9bad6baa34a6b4dc62 |
| SHA256 | 7caf798c58f4aa6cb51558ac75d88f47ed5db5a081216ecc5b64c7b7289fddfe |
| SHA512 | a997007961b311329a602dd4c47ec4400dc8118930bf03385113074bb81fd5295713e6641233af081e939b7a939dbfa9de8a5ed147243ee905010e9e5b2016a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc3864837ac30e92100d0d07ede5267f |
| SHA1 | 1a15fa0ae4afb1ede8128e21428c05ea002318a2 |
| SHA256 | 53bbf79c1e2df31e6ed91fc671e979e701cf130d33f8f442bb57063c8701fcf6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:01
Reported
2024-06-13 05:04
Platform
win10v2004-20240226-en
Max time kernel
148s
Max time network
155s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5116 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4880 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4588 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3208 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5012 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3788 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6184 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6180 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
Network