Analysis Overview
SHA256
eefa4d55b1db8ce31f13dc1ff772282422c95bdf782ca0d023851647d48155e4
Threat Level: Likely benign
The file sym.rar was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Embeds OpenSSL
Unsigned PE
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-01 04:04
Signatures
Embeds OpenSSL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\Bunifu_UI_v1.52.dll",#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\Bunifu_UI_v1.52.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
145s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\Xeno.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
145s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\xxhash.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20241023-en
Max time kernel
52s
Max time network
148s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\zstd.dll",#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1040 -s 80
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b39758,0x7fef6b39768,0x7fef6b39778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1372 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2968 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3740 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3464 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3484 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2468 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3688 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1776 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1928 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2512 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wave.gg | udp |
| US | 13.248.169.48:443 | wave.gg | tcp |
| US | 13.248.169.48:443 | wave.gg | tcp |
| US | 13.248.169.48:80 | wave.gg | tcp |
| US | 13.248.169.48:80 | wave.gg | tcp |
| US | 13.248.169.48:443 | wave.gg | tcp |
| GB | 142.250.178.3:80 | www.gstatic.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
Files
\??\pipe\crashpad_2340_VPGMJJSAFOQCZBLY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Temp\Cab1CA7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1D36.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 2be38925751dc3580e84c3af3a87f98d |
| SHA1 | 8a390d24e6588bef5da1d3db713784c11ca58921 |
| SHA256 | 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b |
| SHA512 | 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fbaeb997f51824560b9dd810690e9a73 |
| SHA1 | f904292d8c21328ebf89475138f5b1dcdf6745a6 |
| SHA256 | e03551185ce34f02baf493f42ba127b3158fc417810c2808ce7e3aaa8ff9104f |
| SHA512 | 889fcc095bf45bea5c5040b7dfcb03b031a836993ea6edb390bf00c1765dafd8ec40cf9f986ef3ea3ee7ca71f5c50303973a302904f4da4948095dd78eaf93d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 51df8f4d173489c340f49805b5cebbf1 |
| SHA1 | a3248582e87cad7715a364e3c8014496a351d56f |
| SHA256 | fb4b51c2aa6cdbfbb506a9fe47df88520a697cda881eae4f4f981cff3994de02 |
| SHA512 | 22e84e822b225933d5b4aadfa6eb00c396b137d164e1c3eea981707904813ba0069f9efa753dde1deb3a1bee70dba4fefef3a6cf16079864b03b634d15a744a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 776b80bbf9861258392e6d18d32c190f |
| SHA1 | 161963f7f07becec39c62260d8729692ec0c4c36 |
| SHA256 | 58819efbf62ed34edb7ee8b98bcece173bb62104504654a591a963f33aabc944 |
| SHA512 | 005a0ccf1ebd5270685cb10c671a351ef2b2d8fde9cef74ffe90ebb99943bdf159602ba6fc02db7e6a69f7c1b6f11b2a1c6d8b901db9e79064be798eb72a5dcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7d8b48b5bc191ede499d50433e248fa2 |
| SHA1 | b0d2ae1ac98f2ed8c3e642190698eef650da8b74 |
| SHA256 | 0ff6ddfe627ebd7ac752c54b90199358c09b618aab0c0af7c7ac347d19ca2bc4 |
| SHA512 | 6c1a95271f00f61ad83f47a58bc206a7cf188aee5130ec8e1d4bac1b9dd196d1d61e40d300fe7ee7159dec385f52ba5af875c3365a07fdcafc9ab495d7bbc31e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | e319c7af7370ac080fbc66374603ed3a |
| SHA1 | 4f0cd3c48c2e82a167384d967c210bdacc6904f9 |
| SHA256 | 5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132 |
| SHA512 | 4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6d7d5c132b22bfae6f26660fe9f014cb |
| SHA1 | 108d9424826291fad7cd4ea229a127c64321fc8f |
| SHA256 | de41a87ea8f25693081dfda5888e7330f0aa12dbf74419e9804aea9a0007fd21 |
| SHA512 | e4bcb5a42dcf0cd7bd7bc93ce84b503ea5f822756e2b831db5914fed258c369bc2169499f17bb960a7fc8e5ef2c0b93e3b15d3672eeab87a4226c22151d6afb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | af905451ff0a6be84e23af3a02000e33 |
| SHA1 | 215bd5175c77ffb8362a06645d6323aad1f5f10d |
| SHA256 | 4ae586aaeac75f6e8788e26b566b7f30ff08dc8ae3bd51079c1334039f4df203 |
| SHA512 | 761ce893d734846bdf5749b2e66c94a11677705fc79c5b4be65f7b618676dd24e690e3108b0e1684cd5654fd37976b11d8e39df7f06e1b80a8fbed90d1755256 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9f76a2bc4f751153902417654992e906 |
| SHA1 | 88744d21c3f678cdff15e2da7b5c1d35878efbc0 |
| SHA256 | 7c934274fd4983803da068a8b465f0dba4fe8ddc298d2979f26d575724184fa8 |
| SHA512 | 36d6c20577afef9e6f66e9b1e65f309df86d3fc39be7903c60d093228eb5b350b80b0f6a8cf001964706454a09cc55a0d073e0b891cababa56cac9cbfec6b9f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 52cd3375e360575ce1ebb109a6fe6f37 |
| SHA1 | 1d33f542524c452e1b440ff9375a6fd829c7d6f8 |
| SHA256 | aea72150cc7be5318776bb5a2a8b22a32161e5c52931f1835f7a088a4af3054c |
| SHA512 | 598d7f032d9450502ae65574aac2bcf70ce86a485100a256008ab6cceeb8896fa97a8e808d8c51e5fea07ed45d73c5143090fd8db860277e5da090ed81d9ff85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b80420da61fd18a_0
| MD5 | d4b62d73545a6ca017f1e84d9ff5ab1d |
| SHA1 | 65d701abe76860f53b77224980963a943684e7d6 |
| SHA256 | 84f07a1e57dfa7e7c4e9db71595e512331983d2cf8037dce4bd49b8f8f6b870c |
| SHA512 | 43a3c8e4d18df0adb83709b12112b4022f9b11d1c4fc0181496e9f897cc16cee87e093005dabc644e8624dcd8f3ade61442c37be336f0de819d3d7a4f6a77ed1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eef153ee5b884e2e_0
| MD5 | eb8fec62def1758dbf13a2db5fccadad |
| SHA1 | 5f52ca783dead289fae2fd06864e3df6ded93916 |
| SHA256 | fdf40ad1b9898aa31ac6f5b5ab44b28116599e3032a008b15754cf7bc6aec86b |
| SHA512 | c80ec1c801174bbcbe192330a14031c917c556a4dbd8a656a042357f04c758a649a392a0a306125f1578a3e433501e019a5f00f7ec8467b50edffa3f4752d66e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c278c2bd2016551dab24c9749f379958 |
| SHA1 | 3d5b8ee9b5b1a970bedc844ce4863d6d5c09ba85 |
| SHA256 | f79be3a8a29632e62f3688fc6874c1a5d215113121ac1d2217099d28d26968fc |
| SHA512 | 69702ebe2e0b517d4000ca7e2c7cd605f458860c8091ac973f3d70b834c663d87672091bf5a7d6aeae473d2aae3cc84743f7cc86c002bd1ebdacfc1376ebf047 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e7938bc193b6cba9dd57491d7ac662c0 |
| SHA1 | f723487a9a21e4cb25573c9a2f0f05bdfe28e92f |
| SHA256 | 6ee63151a20c17572e87fa6a30c632d3a459ef3d2868c73c6910a69c2fec6d60 |
| SHA512 | c7bbc7116f291e721ea46759ee2d2e8d2a0066c696d25faab96c2cfe53e486baf1cfec91a7cf8aa2a5e9df3d15ed69f485b675a5ad0cfc8609641e755e585527 |
Analysis: behavioral18
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\cxapis.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20240903-en
Max time kernel
150s
Max time network
118s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\sym - Copy\synapse m.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\sym - Copy\synapse m.exe
"C:\Users\Admin\AppData\Local\Temp\sym - Copy\synapse m.exe"
Network
Files
memory/2188-0-0x000007FEF5173000-0x000007FEF5174000-memory.dmp
memory/2188-1-0x000000013F990000-0x000000013F9DA000-memory.dmp
memory/2188-2-0x000000001AB30000-0x000000001AB88000-memory.dmp
memory/2188-3-0x000000001BB00000-0x000000001BB3E000-memory.dmp
memory/2188-4-0x000007FEF5170000-0x000007FEF5B5C000-memory.dmp
memory/2188-5-0x000007FEF5170000-0x000007FEF5B5C000-memory.dmp
memory/2188-6-0x000000001AB90000-0x000000001AB98000-memory.dmp
memory/2188-7-0x000007FEF5173000-0x000007FEF5174000-memory.dmp
memory/2188-8-0x000007FEF5170000-0x000007FEF5B5C000-memory.dmp
memory/2188-9-0x000007FEF5170000-0x000007FEF5B5C000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20240903-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\SynapseZAPI.dll",#1
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20240729-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\libssl-3-x64.dll",#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
95s
Max time network
145s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\libssl-3-x64.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20240903-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\cxapis.dll",#1
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20241023-en
Max time kernel
122s
Max time network
125s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\FastColoredTextBox.dll",#1
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
148s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\FastColoredTextBox.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
140s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\SynapseZAPI.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
96s
Max time network
147s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\libcrypto-3-x64.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20240903-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2744 wrote to memory of 2768 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2744 wrote to memory of 2768 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 2744 wrote to memory of 2768 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\xxhash.dll",#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2744 -s 80
Network
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20240903-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\workspace\002c19202c9946e6047b0c6e0ad51f84-cache.js"
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20240903-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\Xeno.dll",#1
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win7-20241010-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\libcrypto-3-x64.dll",#1
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
134s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\zstd.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
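The Network tables on this page contain only UDP/53 rows to 8.8.8.8 whose queried names end in in-addr.arpa, that is, reverse (PTR) lookups; no forward A/AAAA query and no non-DNS flow appears in any of them. The Python below is an added example (editor's code, not the sandbox's) that parses rows in this table format, converts each PTR name back to the IPv4 address it asks about, groups those addresses by /16, and tags any row that is not such a reverse lookup so that a real connection or a forward query would stand out. The embedded rows are copied from the behavioral16 table above; the tags and the /16 grouping are the editor's choices, and the table alone does not say whether a lookup was triggered by the sample or by the guest's own background traffic.

```python
"""Decode the Network tables of a sandbox report.

Added example (editor's code, not the sandbox's). The rows are copied from
the behavioral16 table on this page; the classification is the editor's.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed from the report's "| Country | Destination | Domain | Proto |" rows.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
"""

ROW = re.compile(r'^\|\s*(?P<cc>\w+)\s*\|\s*(?P<dst>[^|]+?)\s*\|\s*(?P<domain>[^|]+?)\s*\|\s*(?P<proto>\w+)\s*\|$')
PTR4 = re.compile(r'^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$', re.I)


def parse_rows(text):
    """Turn the pipe-delimited table rows into dicts; non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def ptr_target(name):
    """IPv4 address an in-addr.arpa name asks about (octets are reversed), or None."""
    m = PTR4.match(name.strip())
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(m.groups()[::-1])))
    except ipaddress.AddressValueError:
        return None


def classify_row(row, resolver="8.8.8.8:53"):
    """'ptr' for a reverse lookup sent to the known resolver, 'dns-other' for any
    other DNS traffic to it (e.g. a forward query), 'non-dns' for everything else."""
    if row["proto"].lower() == "udp" and row["dst"] == resolver:
        return "ptr" if ptr_target(row["domain"]) else "dns-other"
    return "non-dns"


def summarize(text):
    """Counts per kind, the decoded PTR targets, and the targets grouped by /16."""
    rows = parse_rows(text)
    kinds = defaultdict(list)
    targets = set()
    for r in rows:
        kind = classify_row(r)
        kinds[kind].append(r)
        if kind == "ptr":
            targets.add(ptr_target(r["domain"]))
    by_net = defaultdict(set)
    for ip in targets:
        by_net[str(ipaddress.ip_network(ip + "/16", strict=False))].add(ip)
    return {
        "rows": len(rows),
        "kinds": {k: len(v) for k, v in kinds.items()},
        "targets": sorted(targets, key=ipaddress.IPv4Address),
        "by_slash16": {n: sorted(v) for n, v in by_net.items()},
    }


if __name__ == "__main__":
    report = summarize(NETWORK_ROWS)
    print(report["kinds"])
    for net, ips in sorted(report["by_slash16"].items()):
        print(f"{net:18} {', '.join(ips)}")
```

Running it over the behavioral16 rows yields twelve PTR rows and nothing else, with 2.23.210.83 / 2.23.210.88 and 199.232.210.172 / 199.232.214.172 falling into shared /16s; a row such as a TCP flow to port 443 would be tagged non-dns and is what a reviewer should look for first.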
Analysis: behavioral20
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
142s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\sym - Copy\synapse m.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\sym - Copy\synapse m.exe
"C:\Users\Admin\AppData\Local\Temp\sym - Copy\synapse m.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
memory/2928-0-0x00007FFDF70D3000-0x00007FFDF70D5000-memory.dmp
memory/2928-1-0x00000205E1890000-0x00000205E18DA000-memory.dmp
memory/2928-2-0x00000205FBEC0000-0x00000205FBF18000-memory.dmp
memory/2928-3-0x00007FFDF70D0000-0x00007FFDF7B91000-memory.dmp
memory/2928-4-0x00000205E3530000-0x00000205E356E000-memory.dmp
memory/2928-5-0x00007FFDF70D0000-0x00007FFDF7B91000-memory.dmp
memory/2928-6-0x00000205FC400000-0x00000205FC408000-memory.dmp
memory/2928-7-0x00007FFDF70D0000-0x00007FFDF7B91000-memory.dmp
memory/2928-8-0x00007FFDF70D3000-0x00007FFDF70D5000-memory.dmp
memory/2928-9-0x00007FFDF70D0000-0x00007FFDF7B91000-memory.dmp
memory/2928-10-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-11-0x00007FFDF70D0000-0x00007FFDF7B91000-memory.dmp
memory/2928-12-0x00007FFDF70D0000-0x00007FFDF7B91000-memory.dmp
memory/2928-13-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-14-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-15-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-16-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-17-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-18-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-19-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-20-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-21-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-22-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-23-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-24-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
memory/2928-25-0x00000205FC0A0000-0x00000205FC249000-memory.dmp
Analysis: behavioral22
Detonation Overview
Submitted
2024-12-01 04:04
Reported
2024-12-01 04:06
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\workspace\002c19202c9946e6047b0c6e0ad51f84-cache.js"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.109.69.13.in-addr.arpa | udp |
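The process facts this section gives are the rundll32 / WerFault pair at its top, the wscript.exe launches in behavioral21 and behavioral22, the rundll32 ordinal launches in behavioral7, behavioral9 and behavioral16, and the SeDebugPrivilege token in behavioral20. The Python below is an added example (editor's code, not the sandbox's or the sample's) that parses those command lines and tags them with triage heuristics; the regexes, the tags and the "xxhash-run" label given to the analysis whose header is cut off above are assumptions. It encodes two readings a practitioner would apply before trusting the signature names: every DLL from the archive is hosted as rundll32 "<dll>",#1, which is how the harness loads a DLL by ordinal 1 rather than a loader the sample chose, and WerFault.exe -u -p 2744 -s 80 is Windows Error Reporting attaching to the crashed rundll32 (PID 2744), so the rundll32 to WerFault WriteProcessMemory rows are that handoff, not injection into a victim process.

```python
"""Triage of the process entries in a sandbox report.

Added example (editor's code, not the sandbox's or the sample's): the
command lines are copied from the Processes sections of this page; the
regexes, tags and the "xxhash-run" label are the editor's assumptions.
"""
import re
from dataclasses import dataclass

# Constructed from the page. The analysis whose header is cut off at the top
# of this section is labelled "xxhash-run" here (assumed name).
REPORT_PROCESSES = [
    ("xxhash-run", r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\xxhash.dll",#1'),
    ("xxhash-run", r'C:\Windows\system32\WerFault.exe -u -p 2744 -s 80'),
    ("behavioral21", r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\workspace\002c19202c9946e6047b0c6e0ad51f84-cache.js"'),
    ("behavioral7", r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\Xeno.dll",#1'),
    ("behavioral9", r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\libcrypto-3-x64.dll",#1'),
    ("behavioral16", r'rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\zstd.dll",#1'),
    ("behavioral20", r'"C:\Users\Admin\AppData\Local\Temp\sym - Copy\synapse m.exe"'),
    ("behavioral22", r'wscript.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\workspace\002c19202c9946e6047b0c6e0ad51f84-cache.js"'),
]
# Privilege tokens listed in the Signatures tables, per analysis.
REPORT_TOKENS = {"behavioral20": frozenset({"SeDebugPrivilege"})}

RUNDLL = re.compile(r'^rundll32\.exe\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>#\d+|\w+)', re.I)
WERFAULT = re.compile(r'WerFault\.exe\b.*?-p\s+(?P<pid>\d+)', re.I)
SCRIPT_HOST = re.compile(r'^(?P<host>[wc]script\.exe)\s+"?(?P<script>[^"]+?)"?\s*$', re.I)
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\', re.I)
SCRIPT_EXT = (".js", ".jse", ".vbs", ".vbe", ".wsf")


@dataclass(frozen=True)
class Finding:
    analysis: str
    tag: str
    detail: str


def image_of(cmd):
    """First token of a command line with surrounding quotes removed."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmd)
    return m.group(1) or m.group(2)


def basename(path):
    return path.rsplit("\\", 1)[-1]


def triage_entry(analysis, cmd, tokens=frozenset()):
    """Apply the heuristics to one process entry and return its Findings."""
    out = []
    image = image_of(cmd)

    m = RUNDLL.match(cmd)
    if m:
        # Every DLL in the archive is hosted as rundll32 "<dll>",#1: the
        # harness calling ordinal 1, not a loader the sample chose.
        dll, entry = m.group("dll"), m.group("entry")
        where = "user-path" if USER_WRITABLE.search(dll) else "system-path"
        out.append(Finding(analysis, f"rundll32-ordinal-{where}", f"{basename(dll)} entry {entry}"))

    m = WERFAULT.search(cmd)
    if m:
        # WerFault.exe -u -p <pid> -s <handle> is Windows Error Reporting
        # attaching to the crashed <pid>; the parent's WriteProcessMemory into
        # WerFault is that handoff, not injection into a victim process.
        out.append(Finding(analysis, "wer-crash-handler", f"crashed pid {m.group('pid')}"))

    m = SCRIPT_HOST.match(cmd)
    if m and m.group("script").lower().endswith(SCRIPT_EXT):
        where = "user-path" if USER_WRITABLE.search(m.group("script")) else "system-path"
        out.append(Finding(analysis, f"script-host-{where}",
                           f"{m.group('host').lower()} -> {basename(m.group('script'))}"))

    # An executable run from a user-writable path that enables SeDebugPrivilege
    # (reported in the Signatures table) is the one entry that needs a human look.
    if image.lower().endswith(".exe") and USER_WRITABLE.search(image) and "SeDebugPrivilege" in tokens:
        out.append(Finding(analysis, "sedebug-from-user-path", basename(image)))
    return out


def triage(entries=REPORT_PROCESSES, tokens=REPORT_TOKENS):
    """Run triage_entry over every (analysis, command line) pair."""
    findings = []
    for analysis, cmd in entries:
        findings.extend(triage_entry(analysis, cmd, tokens.get(analysis, frozenset())))
    return findings


def count_tags(findings):
    counts = {}
    for f in findings:
        counts[f.tag] = counts.get(f.tag, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage()
    for f in found:
        print(f"{f.analysis:13} {f.tag:28} {f.detail}")
    print(count_tags(found))
```

On the page's entries this produces four rundll32-ordinal-user-path findings (the harness), one wer-crash-handler finding for PID 2744, two script-host-user-path findings for the cached .js, and one sedebug-from-user-path finding for synapse m.exe; only the last two tags describe something the archive's own content did, and the same rules applied to endpoint telemetry would fire on any script host or privilege-enabling executable launched from a user profile, where the harness explanation no longer applies.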