Analysis Overview
SHA256
b422489c260a3f72a0344baac7039095ef1f66cbc13ffbc3a8e064f511154a99
Threat Level: No (potentially) malicious behavior was detected
The file a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:41
Reported
2024-06-13 13:43
Platform
win7-20240221-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ea567697bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6b07494761e3e42817603171920740100000000020000000000106600000001000020000000590f5cd5598089369b089a7b340a7b2448531a3677df0d648c7992a70511b64d000000000e80000000020000200000004c9b2adc7ca2d0e6ec53714f880eb97681a8475950b8412ce0d8dfdd479439c1200000009c3b4ae2884a9c7e135c351ba6a9fc9ba0b621399d9e4808300c21f6174652bf40000000694ee8a3aeacc660ce9a759c2d085ee05616e75233e470bf92ddb1fcbc95728fcaa03e6d368c4cfaca0bd03a979c6e8ae8cc7b590a3bf6d6e2313fd97c0fd77c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0462541-298A-11EF-B0F4-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447952" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2192 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2520 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
Files
| MD5 | 0fe8245a48b863c69ed05ff7751e266f |
| SHA1 | 98d6fd0e2028546016477fc44eb1a1ce6ccead44 |
| SHA256 | d90a45bc23e233643f2b481c706a7933be7c8ea7e040965655e78eb025de491c |
| SHA512 | 5d8fc76219b68ea2442f68fc2b27b1990c4b99218a853f3c2efcbeafc8d0188af6099a8b78fbd63907ae1b6b52e89cfef474c3c5cf9f43441ef3e090c6d4181e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e18524077c4493c2554c46dfc328f1c |
| SHA1 | 16fe8916e9b0de276981bfe97a6cb47b311fb259 |
| SHA256 | 796b907ef8df7306bd8d5928a220423387107f41bfca880747aa5eee609dd5ce |
| SHA512 | 4c750e9f589b2fde5122e1a0eee1759719cb76df9bb32556bd75dfea18cf4c58bfaaf43f29a8393afa60f1824d8f3124099befd8743a157d58556cf4381ec296 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42152434d592367ac5306c4d88122286 |
| SHA1 | 665cc5bfca84b119c21e6edba6d8acc563f5213b |
| SHA256 | abc204bfec1d2d95bfb35dd3d11dbccddc0a645843f379be3f7e87e761000daa |
| SHA512 | 1d9634dece83433f19e27ad44cbf240f7198ad874d8a651b7907871c5201b55b18c9c7c9c29bb24ff1f957a7a22816fdfdbceb36f197cfac6c0f64790f7c853f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3b6576e2ececd8e2ac630b1bc694288 |
| SHA1 | ca18dd269f91b62f14e5b2f361910d9a1bda0a63 |
| SHA256 | 37c39a16cfcc06ecbd24469eeb6826910a80425c4ad9179a8644a19ce113cc9e |
| SHA512 | a04d7ab6c8999efaae998e0d9884afbaf4161d6b9b5a99aa239854e6947371e596cf0efef2a4bf43ffa6083322bf019c80f135e80ce5e23176cacf95510d1c37 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:41
Reported
2024-06-13 13:44
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d69a49cb30c6dff150ceb597020f2e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2488 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4068 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5616 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5872 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6000 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6020 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6184 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6508 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6576 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6852 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network