Malware Analysis Report

2025-04-14 03:21

Sample ID 240613-fnz1raverf
Target a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118
SHA256 63914078eb1adef6abbaeb78158b7dd415c23ff1c09f14fafcfc3bfe24bc0076
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

63914078eb1adef6abbaeb78158b7dd415c23ff1c09f14fafcfc3bfe24bc0076

Threat Level: Shows suspicious behavior

The file a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 05:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 05:01

Reported

2024-06-13 05:04

Platform

win7-20240220-en

Max time kernel

144s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118.html

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Downloaded Program Files\swflash64.inf C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File opened for modification C:\Windows\Downloaded Program Files\SETF4C.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
File created C:\Windows\Downloaded Program Files\SETF4C.tmp C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C57CDE1-2942-11EF-A3F8-62949D229D16} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 308636d54ebdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416780" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2204 wrote to memory of 2116 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2204 wrote to memory of 2116 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2204 wrote to memory of 2116 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2204 wrote to memory of 2116 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2116 wrote to memory of 2272 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2116 wrote to memory of 2272 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2116 wrote to memory of 2272 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2116 wrote to memory of 2272 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2116 wrote to memory of 2272 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2116 wrote to memory of 2272 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2116 wrote to memory of 2272 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
PID 2272 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2272 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2272 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2272 wrote to memory of 1864 N/A C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2204 wrote to memory of 588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2204 wrote to memory of 588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2204 wrote to memory of 588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2204 wrote to memory of 588 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275466 /prefetch:2

Network


Files


MD5 8a2101d81d709e966f654eb38e97a9b4
SHA1 f3639953806956b90887223eba78eb74ce45e528
SHA256 e03b2662f3e80c9722c3d9682ef346a9bedbc01b8b63937cbce4cd538425ee8d
SHA512 e36422474fd630ea64e1d520f48ea03e2f6bb2647fd1eefb2a9a7bab891b4baf6ad4a95c524b60fa92df09fbdcc15cdcf2aacd755f5eedf061b76e14d734adda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62bcc279b2ef12f9f60638457cdfc4ae
SHA1 4de8c3611e75160281cd87c6246d763978f6cbfa
SHA256 f99437b89295e490060c8622e7d594458a7802f5752b7d7ed889caeae23cae84
SHA512 982f887369ab2d42eb30e374e669f0249067bfe8b17f96a85ee9602100936f871ae4fb99df321579f090eac8e3e6d708a9f2912a7e5f1db486928fbccf0ace40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b03819904fb26d482b3e7088f3b1a44
SHA1 80f536683ac0721d2d2859c10ca054be481bfdef
SHA256 3237b66456b1863474860b97ad152c791da8d6f8deeda12b6383a3ef30a914bd
SHA512 6be636f8f85704051ea55d4d285afddb6fe250c610e21cd57688ae7bbd7112c61390b50f30c4385565515d9dcbac3e09d8e41d5fc7f3bde2b60663263763fb69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10582e7300df6f4b2c9372325f421d96
SHA1 45cae8a8db7a5fc230381d586ff1280ac879d574
SHA256 c6707694435a1a2d7f6c46dd6899ad2380f15647323f3e4ec00e24130a1584ba
SHA512 47ff590e54c03b030f2a0e31e474c494947e125e1b8c9387cdc1c8175fc63ccbf4dd424dbfa8a761ca1712fb762ee5571b561b2f3239de2225736da24b561ad9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75d74f5c0b42dfa021cca16d310eed74
SHA1 a5d469bf14836a532276c48786e40ebbe3331d73
SHA256 79fac4dc7ae4038689541f6ddf6c690a5b598228925e619d14e0113fd31dbecb
SHA512 43f0e5a6f6c30c274b789e025964a36538bb37d6a32bb0c1bd3f7511a3f1fc257754727acce22bd4cb36924b2b79673364e51b0b0ceff17ba4a642310cd5724e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f143f71983d914dcd3b402d89322436
SHA1 5760dd7e8d6c74a3a9a9a48964361f4a88ab4cc4
SHA256 b2a5931bdf0b97c5e10fa27a41829ea6918e686db178508032524ea9d2b5f759
SHA512 d567166c6087b38c31f50844ed4e59d3144feb9ee49ae4c0ef21c22d0d30441271abbc3e401c6f78c98d70af89121dece70fd3fa94094cc1fc59d80b3166da8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1cd4f2902d00f3206882ae09de0fc798
SHA1 bd689b3c55c12a6b1aed30e84d339637e3ac54ea
SHA256 963da818b4b28b340fc688565bf0231bf3bb99699790053b5d7467469aaa817b
SHA512 e01815a8726759a6dc670942085d5a856adb66a61b8984b982706286a359c2c7ce155d91a6e12f39b7cd09dfdc17d2407e9557ff915f661b7a8f003ed8c6cc91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 befecc3dcc760db394f4197bb6bbfb3b
SHA1 bff43618b6e9adbd90d532cbf1a139e58917121f
SHA256 466fc22a8a3dbff3173b72eafd74c437e07c97f8ccb728e63d98796d1bb8b00c
SHA512 f8cb5fc5a0676c04880d1bb8158b10ce5727fc81a3e7c04d04966a4f4568c1f3e1e8b2594522c002be4b4fb9f846a625d6281a98b2f2d7ebb7ecb51f2a71dc42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73940941dbc91285d84a48425e810263
SHA1 421c8b5440362aa79d5795867cfba0323e5c0871
SHA256 fd3c9de70a66ce62ae2827362a57d1c9620162382012ad9dd29ab67db555215a
SHA512 aecd78b40ca60ba4e10ff82ed52af55be59ca3dd66b9b1ce6fb9975b4d8e5e58bdc6b626634411bf124aee7445b2d3caac71b83d3b36784f780359624be1e5ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 174972fd407ef67fe34d94501269e9fb
SHA1 36f8e79ac3f54ff874073cd04f8a2c3052c25767
SHA256 1c6762dced122ef74abcdd50e32e179f22b06aaa353bdacb99885fe616f2719c
SHA512 7f786ce5d030ef406f431db9071c48ff970bdc38dac5850c86dd8220901d8fe1e207c97cfda9103bcbe805f4459c5df824e97a6fbcac4e80cbe7c67ca28de475

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 05:01

Reported

2024-06-13 05:04

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e70eb01ff2932516fc89630c00cbf6_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5116 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4880 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4588 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3208 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5012 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3788 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6184 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6180 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1

Network

Country Destination Domain Proto

Files

N/A