Analysis Overview
SHA256
ec1e4b96c2d1e27e906b027d8c81218412881b401f9ae704b591c98e342c5621
Threat Level: No (potentially) malicious behavior was detected
The file 91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:11
Reported
2024-06-03 13:13
Platform
win7-20240221-en
Max time kernel
144s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582153" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C7221FD1-21AA-11EF-AFF6-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005a75f9a8f0c6474a86b53171adc38a49000000000200000000001066000000010000200000005ca46f74541eabfd673ce79e317a4e8f70e84e882ad7fcfa07ebe0a4cdc11ad7000000000e8000000002000020000000f34c3998148715c16a9591f792d328af0d94ff0ef71edba24076f78c2336433c20000000a4e7d5f1541f9c817927287edd4b7cf0e0a9a43ac94e41d05530a29db516ff04400000003ace70d15b1c5b1a90a1fcb79276d01af5ba227a1f9d74bfe5b4341d8a024fb4789cb002cd980b2a2b58e31c605f3ac44785ddf655307301c402f9ac4e7817a3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500ab5a1b7b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2696 wrote to memory of 1536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2696 wrote to memory of 1536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2696 wrote to memory of 1536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2696 wrote to memory of 1536 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21d48be75ff1c095d95035e79d3acfbc |
| SHA1 | 7e2e4f37a9075a82260b21dc8f50583b2ae0da69 |
| SHA256 | e9a7fc544d12a6a08f36ffbed8f8f19d3b1acaea1752d3d2edc3592e31fa5506 |
| SHA512 | b043f625bacc7f1e4a0fd94d6a0db1c5b8f5d568486a52560e5462bcaac7352cc773d1aa68af081d3e5e25b38d88094d816546b1368835160bf0fc4ec1703bed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01e86bd99b43ec7557067ab30789629d |
| SHA1 | 5487c061b769821c4348b3c187a66942a0e09fdd |
| SHA256 | 7189741206c639c21501b77b17cd2f7d4a21340738caa21517ad62e48db40b75 |
| SHA512 | 551dc0f8b01a3c47ec4fa992f54f5f5e06de27756b069f66751e0af241d94eb01538af82530b58af185ef1c00b25c16adcb8ca952492eecd2fd40df085fc7009 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | bd4495bdab08fb7c6b5050a5763825c1 |
| SHA1 | 099da9ae05aa376fb54bf449ccdb14c294497edd |
| SHA256 | 9495fd936efea85908bcfd04576eb258fde74088187a92f14e43dd6626538734 |
| SHA512 | 9ee6d874da1db90a828a5f9f75d8cd3c4dbff9bb75b4fc4e06a50d050518d358c7aec2ed801b2d923fbb383c1a086662ea0e16903faf08d3c7f7ada9b153b6a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be0a244a3c7055103ff794cb80ddb2f1 |
| SHA1 | 8212c2b774ddd5590f365fade36fb0cf959e6f0c |
| SHA256 | f27dfca6839d4df3aa35498d2998149451a16c891d08b6bcb4e259bd5080e7e8 |
| SHA512 | dc04c660d93eaf4bcaacf5094b722b50bdcd22f31398f12d0892520f327324dc1b763d3fc9652d986cc8c03b6774becfbb8c7aafdca78537733e9de3c83ae5a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96f7372b6178260b8df458d14148314f |
| SHA1 | 3b705bfdae0e6f2fdee51b9e6809cbd2dc9a239f |
| SHA256 | 46d44d93cdd1d5bc52f74faaec005bc771eb973c37bfd3e729239ce16dc3e1bb |
| SHA512 | c09fa71e53a073648f86886a758755e474a478ec4f0c74f9cdaeb190111f6adf9c4c87931bdd85254a8a3a50a3ab2cac42790f4008d2e56d92f8c8fb74b81385 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5e86886ef727078860def404917b298 |
| SHA1 | d9f90e358fa047f2d0925327a94dbeef86b21322 |
| SHA256 | b9681ecdd0314d532840d2e2667e49833ca542369d7ef2b9c4262502e76a3225 |
| SHA512 | 161556009f43ff83687d015cd0adab417e8e5f2079a9d8182ba605b8b4ccb7911c761a5c23a3566d808598835766c473830d81dd7504d032a35180961b74919a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0eba821f9b13ec01b442319ac31f66fc |
| SHA1 | b7c395d63fa363ec4c988dd0319afb30fc031bfd |
| SHA256 | 280cd9828c0a2235a4396a68f6f414f2d5ff84cf1e4fe1a44d42f74397eefb67 |
| SHA512 | 4fc4209e46fac474bd64c3a0ef51575d902be58204e0f9c53ef4767d3b86bbbddfdb3c7426456d725bd0d52114ad65f7c26b04b43b85e1b754adc62b1baefe5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22f6e64a00b5ed414cac4532abfd3da1 |
| SHA1 | ff0654b2f44093f69476de7da4216020fbcf3a2c |
| SHA256 | c974a73a67421a95296d32d5e9ac9c799d0be125309370a23562535423c57787 |
| SHA512 | d952ef85c059585b8ed52b4535406cab8f0af808cca48a75a371a826499e79e613c75d17b4ecc1ef8109d0c3e621c0d4a50acf0514f38f669e3f532e42051341 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3919ceaf0989009c4dd992084d4854ba |
| SHA1 | 46532d13c8918e16e1cdf259d6270d39a353d539 |
| SHA256 | 2a723ff437263ac7f8099aa570032375f2cf74581f4480fded2e2ad73fb05054 |
| SHA512 | d7bb30bad85535b75ab6a826a2f3f81c02da50d41259d82d8badbed2fb2cab8d227678001382cc546a59f1dd376d96de4b1713038a74312d592e5feedf0bf386 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b4cc77fb037d125216f6cce58ce26e15 |
| SHA1 | 9baa81c6b41f1014363f18e20166418e8bd503e8 |
| SHA256 | 15ae362ff4e5b6e32f54d0421fbf975f8e40e5d5b038c9d44091b8d4fe7b64e1 |
| SHA512 | 0715f778aba219704dae0b43cab979bea2c30171ab51b958c5d925d1d8627a8b830066252aaed8f80e482802862d63bc0505da94a69f3a58e9e5670287d610e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1993b8d9732af9dfd6ca78409c29d1b |
| SHA1 | 05f4ce119e7c5fbdc79c152bba641e7400465883 |
| SHA256 | cdad9f11ce89c3f603ce94c1e771e4a33db5b887c2e75964fd5b51f6b979b90b |
| SHA512 | 9046598e23d11da542d461c78c8b9eb029ae274fd3533e9cc12f8def9e17ef8885d37da8080a5431b7f36954ae3da9809d029419797e30f8f31d1f7e3d79a1eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebc6dc56ec1eb5fe3ebbfbe1f98820a0 |
| SHA1 | 3a3ca8676af7807415196f45827b12a7e40aed1d |
| SHA256 | 14a06ccd4ff8360f4a812ac44a40a86572fcb91ceb75abfed06a0af6b450d59a |
| SHA512 | a05b9c67c20c8db553cea4c40172f06e49dda9d857ac9c54d2efcb2ba82bf968275fbe861f57d05ffa735f7bbefcbc00716dbf94cd726b0feb6820d4d912ba6b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:11
Reported
2024-06-03 13:13
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e77a4b7b7c862a9db64ccea9da32f0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61f746f8,0x7fff61f74708,0x7fff61f74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16323634462156926214,5246699985050919154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4620 /prefetch:2
Network
Files