Analysis Overview
SHA256
375890ffebd7648fbe70f2c9867b0a8965a9d266bbe6b55e1e0e7e9f13af1d78
Threat Level: No (potentially) malicious behavior was detected
The file a4a4d007e4f29f32868d4c21ec07a5e4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:31
Reported
2024-06-13 08:34
Platform
win7-20240611-en
Max time kernel
133s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "11268" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429371" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006b60e50beccf97f56aa1df4048764180f63b7a6d02975ec56b7bca34adc648dd000000000e800000000200002000000089fddba91bf3ee074d75c091cb8ad9b662b3879625fcf4f241d04dcf189ff43420000000e8daae981a7f7574a1311468d7fb3ef5ebdf96e6611f47a48911f1d5d1daa8e340000000f01c0d8f5070fd73e8d63efa7f8a2c4496e683fa1d5c603abbd363e6aab02db736a3f49ac5dfbd02afe968a6e080e767b503015687255ffa2b5ae0437783705b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003095755cc5923f9c4842a218bfe6c701ae56c4f1ff656da9f39a977f456cb24f000000000e800000000200002000000094682548163e4c1aa4cc280306f4bc71b2f2eaa1a720f52427a04760704ab769900000004b2784fba2aef362b880ffdd75ab0323abab7deb1aaa11a7588890b9af2595c9532a5e3f38b0cfc13d02eba63d317b9b18b45232ab205c77c1229dbbb5411ea00d786adb6bbff8197debb2258eebf60d2e9aca2f0b0f7b2764d666b605094b5d13cb16de92641bf4849a216da66c11635f5b0035c1d5e67e6e52c0ab06e1e804746127fd3aa1c446eab364efd3c77c9e40000000b08e8b1fd285844801070705029465d725bd7a35fc2054d59459886a81ae67dda1fa865b594c6c2f10e8ba2f4d258c15dee69f47829beac4927fc178bbb312f8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "11268" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5C8191D1-295F-11EF-B848-DEDD52EED8E0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "11268" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40f080396cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2072 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a4d007e4f29f32868d4c21ec07a5e4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | tcp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| GB | 172.217.16.225:80 | themes.googleusercontent.com | tcp |
| GB | 172.217.16.225:80 | themes.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | themes.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| GB | 172.217.169.78:80 | www.youtube.com | tcp |
| GB | 172.217.169.78:80 | www.youtube.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e34a8fc87b0ee931d1d2d8c683dcedad |
| SHA1 | 43f164ecc36f83a0f72acc2733e39d91ac54c0cd |
| SHA256 | 86411b85f89e4fc05089448ad84935376a1f891a7435bf56b7057faabc70600e |
| SHA512 | 159b943fd47b05ba9bb0caf161dc5d0350b4e714018e62c038dbec81e6fffe62e74897b677ec870abd20fd17f577a5d7ef3a177e59725436a39ce846f962c155 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b7b81b625fc6487fff328b7f7595d85f |
| SHA1 | 8b8f09dd76de8e7f891ca867055ecac21c3b55ae |
| SHA256 | 6ed8b6becaf51d19b65deec0e86837e669dfbd50f0860cb035d83b88111d910d |
| SHA512 | 59292d45ab81b65b25d5c1d1d47c3055c7ad93c4a06b781b4ed51a1f794a51e74e25a873d01b423ad801fb38edc9a98f8833ea98b91a3d66dfc393694c973101 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9c8fe0927b8c27df910a12627ba69869 |
| SHA1 | 05f1b566b9f948e2da3ce6079042d25433443343 |
| SHA256 | c3bc5707bc9ad0edbddb5d175e699731f7e86107e201814d6eab0ada46ff48fe |
| SHA512 | 84afc0bf707b8cbc577d1ad00b817860e6b83ce014a0b5b8e66464cb7948550b4aed67d514797917bb7db680c63f201c3ce391a1465726d72bc83c969c769fc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 2de3f145bef85ba39cb8b39445a04d1c |
| SHA1 | e7d91a8f46fc4cd22e3ecf1ec969ed9180ee2bf3 |
| SHA256 | 81126a64053aa52359ba430f0f5662e05e4dbafb8adc6090b535bbaab731b49c |
| SHA512 | db0e39934c31292a74f6f9e3400e76164936b131ba0af706c52ec761fb1a5b066f8009227f120ea8ae46815c61bf68fe59dd0e3ff0c326feca7c8d81d00ca7a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 49e729cb007aeb7d27c5888e652b3fd4 |
| SHA1 | 46f09814c0bbdbea69841dc7f9d5edacd2d60eeb |
| SHA256 | 1e507ce1593078b3637bc9a25cf79c72cb5e457512ad4eadb9294eb86ef44fc4 |
| SHA512 | 902336abfa7dcedfe014bdf19e248fdf5785be2d12151798d535cac172fe3d6fb9aa790988a9c8aca405152e3c404c6de86f91b75c06036b87cd38ee78b85704 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | a4c9632a4bb1fccdf53409b445b714c3 |
| SHA1 | 0918b303e642470157b2409d680ee98b1fb8c676 |
| SHA256 | 749baceb4a86040b0af9463bd245cea710e2cdd9854b51964955ae7a99041793 |
| SHA512 | f24936b40bfca5bfecaf42cf614e3eadac505c400d81c26250c0ca2439fded3364c811283bd543bd5968d724960924b5dbc2fd6001248d4b8e2164c78b0cd3f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 5ec56d2bffc8eb5d1de89fadd4221b52 |
| SHA1 | afcd6eb55ae546a63941613390919432a8890a65 |
| SHA256 | 8e5a2c99789d8eeb7207029c8f45f3b128aeab391f749fd6e536fe34084b86f3 |
| SHA512 | 411edc17fb56b73cdb237a815c792a8f2241e2c84efeaaea48a98dde2ccae07e4dc37830c425963beede09b788b06f5c7981c6f9cbb3331e968d5cd39e4e59d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | a4c3e4b3f212ccf9719236eaa8f728be |
| SHA1 | e017a18974a9969ca60ca2499ac54b464d91a2ef |
| SHA256 | 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a |
| SHA512 | c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295
| MD5 | cde6fcf348b4699a3abed607ce3b22d7 |
| SHA1 | 714a0427a1eb92ce3fbfc7ee546f6330163de917 |
| SHA256 | 011bf95a35cdc04ef049db5accb5fbfa05523262dbbb5ac234a0ad99da3610f0 |
| SHA512 | 42cc6f5ac22e24d51a032181f6665d8f3143dbcf2302d8f5ccfe4fec6d2ee815b971f06251bb7396ba9214c9a5f282c8eb6b1d9c57405cc78e5849e4f1c7a004 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\fastbutton[3].htm
| MD5 | 4df07581948280a6e769a24c5d99d775 |
| SHA1 | 843a2c95362347eb8894a6acb607f139be65ded4 |
| SHA256 | 3561b93a48d81fac116ccd6e60163bd382abb1d594c81240f5718feb1f197f73 |
| SHA512 | bfe455150379d9ec4303659ac16a5082e093ed248fa9d75276bda05287d8bd51c43aab5896826ca55ffee88dce281df359fed6d38395ac3e7cdb7b68c2d35e4a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\plusone[1].js
| MD5 | 53e032294d7b74dc7c3e47b03a045d1a |
| SHA1 | f462da8a8f40b78d570a665668ba8d1a834960c2 |
| SHA256 | 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2 |
| SHA512 | fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\YG6V5VWX.htm
| MD5 | 540330d057605a41f4910d7ff2542b17 |
| SHA1 | 4abbb5f32c248d25aca3ae955ab4c2b857fca145 |
| SHA256 | 1b67dc2700323b3880a8f4fe38cde81b63199bd04edd5c999b3dbd47cf8f24a1 |
| SHA512 | 1e0fd054e01512d8185322afa89866016d8a27f0f09a1d372372af695ad3e8fe3b38e1766b6a6a8500c909f5836fc5f1f944c50e86fa5992e69fbe91362b63d2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\forbidframing[1]
| MD5 | 5cd4ca3d0f819a2f671983a0692c6ddd |
| SHA1 | bbd2807010e5ba10f26da2bfa0123944d9521c53 |
| SHA256 | 916e48d15e96253e73408f0c85925463f3ee6da0c5600cb42dba50545c50133b |
| SHA512 | 4420b522cbe8931bba82b4b6f7e78737f3bb98fc61496826acb69cfff266d1ac911b84cb0aeeadd05bd893a5d85d52d51777ed3f62512c4786593689bf2df7f0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\errorPageStrings[1]
| MD5 | e3e4a98353f119b80b323302f26b78fa |
| SHA1 | 20ee35a370cdd3a8a7d04b506410300fd0a6a864 |
| SHA256 | 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66 |
| SHA512 | d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\725YMBFD\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\httpErrorPagesScripts[1]
| MD5 | 3f57b781cb3ef114dd0b665151571b7b |
| SHA1 | ce6a63f996df3a1cccb81720e21204b825e0238c |
| SHA256 | 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad |
| SHA512 | 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\725YMBFD\www.youtube[1].xml
| MD5 | 4b8b06172ef64dc24b7961e7136a9278 |
| SHA1 | 3890399ca0abf203c9d49d2567511eb2d9f3fcad |
| SHA256 | f76d4396d9956997782e49d9ad1915af864633f639bca1a14b2316961bcbd248 |
| SHA512 | 5399a60d26e629dde23a8eee0dca2c3a47363dd15294b9084acac7c5c6c1afb1ded675b455fa6c1460a3fd58ccb9eb16b148cc4f6deea90b81bde8a9b5d61f0a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\cb=gapi[3].js
| MD5 | f9255a0dec7524a9a3e867a9f878a68b |
| SHA1 | 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b |
| SHA256 | d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d |
| SHA512 | d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\725YMBFD\www.youtube[1].xml
| MD5 | a5c359c45a9d5ac2127cb364895f3648 |
| SHA1 | bbbf785e4b844b8da7cff0a0137484b098814913 |
| SHA256 | 4fa30ba297bf3190b8d6e74941ad1c7c1e347a97f4ea26f3226d7868690a8311 |
| SHA512 | 3cd409775afd35a5627043e1eb5a7db2ad022b17d807068469f0aa5b9cb8397d5e15e0ece4d8696dcb9aa17c0c27d8d6ed385407a85bd59c1303fc2488a10f72 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\725YMBFD\www.youtube[1].xml
| MD5 | 05a53522163e5edbaa7a07d3c87c5133 |
| SHA1 | efe3c406d1c2c2cc90c0ad59843e3d154b9b24f2 |
| SHA256 | f12ed03875acaaf4baf75f366a8f8cf924717996212a4b2b587676ca6636e76b |
| SHA512 | bddafeba403aa218771a981bcd57f9bff5d7654185e6bdf5dfa1e02b3a52c0911b5a4ea64abbca814612ea80bb4f10d75f7b256dc2846cebac14b2accc42b510 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\725YMBFD\www.youtube[1].xml
| MD5 | fd83ae637db614135175b974311aafbf |
| SHA1 | cdf3fc9fdef16fee8ae541f80bba81909e6789b9 |
| SHA256 | 6479d4937d848848f1fb829699b0da191f4d71ad7e221e0c9d8d4a7e928dec62 |
| SHA512 | cf6c090add0720fb785c399ba42f92b6740c29be5c8f6c9590cee312a9607d52977cd04d3211db85a926f45cd9f612978878c02c35bbd0836fcd2b6ec933a6ed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\725YMBFD\www.youtube[1].xml
| MD5 | 31779f5e0402b17516e394bfa2a0a3e9 |
| SHA1 | 1a7b0a3ee004d436b2a5ad8f15ba63f34f869f49 |
| SHA256 | a3c40d6f3696f011800cb409bfcaaa852f3cfe2f6af1cb39bca41038d832a989 |
| SHA512 | a5bde556a296ae6a735eb2db65f4984d509d499a5ba31ee604a241c12b0494b2d19ae247275ed65872c01295d8977f3031ed691c6c69867fa6015eedb2b399c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4167dea24fe1186a639ac713c71d4d3 |
| SHA1 | 4ceb825b2785f084398024e4a52feda43109ab6a |
| SHA256 | 13842f6a6255c0d178c3825d477d64a6b99404beb66b6dc034d6fcf66d730671 |
| SHA512 | 3dde9a2edc4c33e42807faaca9e30fe1f071fb0be2633242b8f68c41512888252dc167d238ff634a0eb93bcc2b0979d39f73ea1cda52b9b2e0c890ef16a2a165 |
C:\Users\Admin\AppData\Local\Temp\CabA7E4.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA7E7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81fa0789fc16ec62824f73eb901e8fa2 |
| SHA1 | 291e0fe18b16f8221422539cae644dd50c1666c2 |
| SHA256 | c97a6335d7e51c8834fe4bd995d84626a14bf3d2e1d30f77f290ad8df623a062 |
| SHA512 | 7b0537081527f5e6b95109f1594d3fa11aec7e1f57daac2c697ea0d01c8896deffcc54e0fe4411eb08d3d45a193ac051401d3de7ca1372203ca4426b49b7c70d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e050bfb3f515e57a922a822e4a19a5af |
| SHA1 | b3e75b9b34a1bec179cbb429c4a87b003eaf5697 |
| SHA256 | 9cc56c767cee723e07bc6c251b5ae6bbf5df678c114612e18034161c9601cec9 |
| SHA512 | 88ca5dcd26b605fe22fd3c60ae5cad16929b1074d04d87c179b6ca6305e436ccffbc65a8e173c6ba0866c6fc2624080ec76af612796befc52ed2f0b50b6d5d56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4be46291adc225c27457c1721529e888 |
| SHA1 | 37283f7af8ea588f45ceff84566b0d3c445b083d |
| SHA256 | 204722ca06bde6bf443badfd873a20e6a8efdd7b128de4c8eb2862d7166a761c |
| SHA512 | acfef71f3df4211f6747a2236962deeefc355ad7ba4ffc8cedee2e9c56d1438b7a41555f9c269ede1c3723448e9af7d31e7bf37759f67d820118764dbafc139f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 442cf6d583a7cae8534a06ebd33a48df |
| SHA1 | 62a1dda28dd06d779f5baa7f0a7896111b82c8da |
| SHA256 | a576e17a082d2b0d06a88880fe2bd09bb1f74399ad28941418ba3ab61d36f7ee |
| SHA512 | fc3561ff757bae3b334a278fde07c1e9e6ec310a5722cc8a72923d411c71c86e3df937b983f1173f3e5b792a3f8562d1e7d4da2ef07a25c3aa5a405326529460 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2093e0cc9366eb590fbb0fb191491bb7 |
| SHA1 | bae7574bd78aa0d8e0577b88cab77920f60804e5 |
| SHA256 | 2bc95e4ef9e757183036b485c6b393b815ad2b916eb09d9ab4a17ba8825f06ee |
| SHA512 | b452c9324b68af60750cbebc9e9bff5ce13530887e33724b4f5cc8d2d284ea1fa844b0c06400175d39c5f1dc9a2b56e68ca1a47ca4439b75939294616a6335b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4973306103e76b0809d3bc24730277be |
| SHA1 | 6cc51e60cc431fe5d46adb80e30f37665ff17d3c |
| SHA256 | 4e2b0a6e65efc86c767b9396ab88731762d470017b3db806c5287ad0a6abb196 |
| SHA512 | b8b3811bdf1c2166149e60a56b79a93ad2cf3bb76ec861402b78c10042371d25012e717d4e3fc5328869bb52f4c2c8923b4fa8edb588afcad090546a3dd3853f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd8705ea6ef409a240dc9a4441408efe |
| SHA1 | c43307561cf0fb23a5b8ab0433de5334298d9259 |
| SHA256 | 2bd2cf8f5eb261256b5ac6fa80cce6a5b9fabc694a23c8d542865ee4fde5913e |
| SHA512 | 41db605d89a39ff0496128ee25efd84f63ef462d0b31cc3978766b37e603732408592ce181ec1b0d2c0fbaf8371cdca4707726249407b9cebef9252ba3b28c7d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\3604799710-postmessagerelay[1].js
| MD5 | 40aaadf2a7451d276b940cddefb2d0ed |
| SHA1 | b2fc8129a4f5e5a0c8cb631218f40a4230444d9e |
| SHA256 | 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 |
| SHA512 | 6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HWTP8BNA\rpc_shindig_random[1].js
| MD5 | 6a90a8e611705b6e5953757cc549ce8c |
| SHA1 | 3e7416db7afe4cfdf3980daba308df560b4bede6 |
| SHA256 | 51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679 |
| SHA512 | 583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 306045f115fe2b4ed41cb177d37a0c65 |
| SHA1 | acaa560a1baf910f6e509e1910f4d82c30c0a06b |
| SHA256 | e1bef6b80e16e021a651e1ffe64b79872c65eef31e9546646a665a1377f049ed |
| SHA512 | 05c48b422e20419c44cd4aa13b8dd0be05b1f69af6cffbeb6314782ab5ad87031953484a20cbbd73c076f42e57330196fdb41ed5abe0eed15f422ab91135b77c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d10ec2f21e0bae1efa1754d46140c37 |
| SHA1 | 43cadda44afea50a5d6373069d493490ce40c6c0 |
| SHA256 | dab19767bdea30b9508970013182f277e8493d65bab281528c48e92ec02dd264 |
| SHA512 | 957dd89ded01e74e716e4072b8aa1486d8fbe4d02bd8a5958fbf8cf0deaf189d8954ee9a36affaba164013b5f682138550ccdd6ce0575504f4fbe7b7036b133f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57be32357637e1410c7556e3f1cb2d93 |
| SHA1 | 44384b56f25d1dfaee8f8a668f2146becb4e4a6d |
| SHA256 | b3d93134049a7c763f9e4e7242ebf489fc5027599a3ae5721c00df6fbf336e18 |
| SHA512 | 60e081c4ff2d3dd8538b0483c9b858c442641aca86cefbe82949edcd1ed057e02ef0cbb17e00760d721a20af26a1407e905f4a31634363a6c8e787fed9356c6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1aef7b4d81f15fb7978773ca24e6a580 |
| SHA1 | dce9ad752c7bfd126f3ae9642508b393ad7a1229 |
| SHA256 | ad81f216c0d2fa0eec525ce250fc257d1fd6f23bd22c345ea149816128a81404 |
| SHA512 | da4bc79d3e2f257a9446b33f16375af23337aca4ef7ee75179816b8a3f5c3c4acb79a0f6f7d0ac6eb2e76541f32d2e2ec2e1515545bcebf24659f50d57d8ae15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2a17b4cf24369131e404bbc8f9a4efe |
| SHA1 | 57f0ca30c8a72d2dda3a0fb15258a91e7128507d |
| SHA256 | 2cd630c20a530451f41fbb59fd565ee62f4454c07a2ccd7ccb49254ed3bda99c |
| SHA512 | 8ce4881c30aadb4edcefaf62239a25e72afa135a5015f5be0cfd79d65354df07df395a5161bdb2689e70120568da28bdf71983ee3a2711143e14a54fb4fd42fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b918e192c36bfcb68c3f35a35a32b1b |
| SHA1 | 3e0f2416f2ab4ca388b15907661c76ace785cab2 |
| SHA256 | 65eb953d455a22f5b96f4e2b6ec1e74b1b637704aac9a24b18e3a29fb817f3ce |
| SHA512 | b4213ee96220b1f380a77422ba452cce55d28201b47d08b485134c5064e4823b3ca16ee48d470c74ec54d921929c8647839b647dc4222b1fc0bfb4176f318b29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4501c296a070cc62fa23f3d744a4486 |
| SHA1 | 09a8ae453c23342bfbc190a454c30e1cea39083a |
| SHA256 | e05b06839be1928fe7e203fa672c824dfcd0b9f5b33ee01bf7cc7eed740425a6 |
| SHA512 | 497ad22856490eb13df269c19d9761b603eda1a77f7d96cee692928e4e8b9921ac77e5a29a4281515c2c857784cbdd96f7c1c4324535aa7b20fe99ff6aa84d59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6b8e7d4721a0a515e7b548921c00014 |
| SHA1 | 244337340ea9440d1c841dcd749b54f47172420a |
| SHA256 | c136e6ffe009e4a7178ec7197af2cc1a5b04b3fdc2fed099990eda3d8b2d172c |
| SHA512 | bc650654acaac0c172972339f8259813203740a57a620215e8ff7f74c8b795066d6adfa940a45b994c55f8212dcd6ee32e8d445d7e2c53c313d71be61156402d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4349a1c10470efb4b959f4b5cefb523 |
| SHA1 | 62699433d9648a140cc8932f8c6a9833cd551e67 |
| SHA256 | f10233d8b145758b05b92e00cc5c4a4e83104ce2b4a91393f0829719a7f002cc |
| SHA512 | 6a46f6e8b0f67734724d6e0fbc7e0dc30bd6182b98ab9772c616ee6abb5a2ec08ee83ca682ef1ef81b1e10e6c958ef54da7a98c22e7ae014b15a00ccae6e0c38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a013ceeb478ece6d635e340e1dbbcae5 |
| SHA1 | 26c195d096ced6d866e076c4f8c30be2e189c1a5 |
| SHA256 | 3a0a7760bfbaa7569e8c781027df5a63770f8d2b9332e5d97f375b071d18a512 |
| SHA512 | 0fb73058c03ca09429cee3aca22025ae9e86d0b8d310a245a706b39ddcc0b52b90b9c24db0d69f5b16636d366926159f2dbfd5e2d63c481db675008ac724f9dc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:31
Reported
2024-06-13 08:34
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a4d007e4f29f32868d4c21ec07a5e4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4654787164944844841,5687363785720677806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5684 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | images-blogger-opensocial.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | img2.blogblog.com | udp |
| GB | 142.250.178.9:443 | img2.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img2.blogblog.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.16.225:445 | lh6.googleusercontent.com | tcp |
| GB | 172.217.16.225:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | img2.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img2.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img2.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | img2.blogblog.com | tcp |
| GB | 142.250.178.9:443 | img2.blogblog.com | udp |
| US | 8.8.8.8:53 | themes.googleusercontent.com | udp |
| US | 8.8.8.8:53 | img1.blogblog.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.16.225:80 | themes.googleusercontent.com | tcp |
| GB | 142.250.178.9:443 | img1.blogblog.com | udp |
| GB | 172.217.169.78:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| GB | 216.58.201.110:80 | developers.google.com | tcp |
| GB | 172.217.169.78:443 | www.youtube.com | tcp |
| GB | 172.217.16.225:443 | themes.googleusercontent.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.212.246:443 | i.ytimg.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | images-blogger-opensocial.googleusercontent.com | udp |
| GB | 216.58.201.110:443 | developers.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.16.225:139 | images-blogger-opensocial.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.179.226:445 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.179.226:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:445 | www.blogger.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 216.58.201.99:445 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:139 | fonts.gstatic.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | profbrunahistoriando.blogspot.com.br | udp |
| GB | 142.250.200.1:80 | profbrunahistoriando.blogspot.com.br | tcp |
| US | 8.8.8.8:53 | profbrunahistoriando.blogspot.com | udp |
| GB | 142.250.200.1:80 | profbrunahistoriando.blogspot.com | tcp |
| GB | 142.250.200.1:443 | profbrunahistoriando.blogspot.com | tcp |
| US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_3228_GFXBOLQKREXKHDBX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 04731363a841f7324651f77b2ea0789d |
| SHA1 | 47aafbbdacbc0e13bccbb3a6413c5886720b6307 |
| SHA256 | d7775087b22e293cc471782f8814eed29c7e6db50cb408d6e6d67ca38fa75d97 |
| SHA512 | 7fecebb08f665c5b87b0c7cc336cc770436d7f6ca9bb3c83c24e5bf7057969864588ce2f9cf780fe84ac30716f701809d1e153cc778306423b516fef1d50642a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | e1c71f7c04be834f5587230db2ad24b3 |
| SHA1 | f3bab9cb99d9f343bf7ed3981aaa7450515d2424 |
| SHA256 | 9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899 |
| SHA512 | 205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 234f646751021299c3902a43cf12b1ed |
| SHA1 | b45709bd5f8338c1a71b4f0c918138f379e921d3 |
| SHA256 | 275f9ae9c9c677437ec3ca2af06f9d78931b71582a30e17f1d24ca912fd66e38 |
| SHA512 | 4b58eef4a202c302405abc7925755a65e4573fc80eb972e0f935d70dbf9984266683d75417e0f32d8724368c3a927639e3ea3c150dbea1eb25460f62a00e64b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | de2c1471ce23323b2f9954c2064f6c21 |
| SHA1 | b9945a856aeca9e9f1b429f5d3b722b201fed201 |
| SHA256 | 246d79e4791b233f618a4544d87921f4c3569dda58a02c357e0e57309f0cec12 |
| SHA512 | 33dd372f5c386e707a98360f30b95ab85dd6517ce772c2126ed852d714c2ced808ee3f6c6316f24a1b8ac9f14246060431d0baf027d940aaa7f134faee1fde23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578ed2.TMP
| MD5 | d9958a9a9cd59b2bfe5cd59b48068f80 |
| SHA1 | a5b9ee071b6edfe88fd1ef53b4157dab631ea136 |
| SHA256 | 0de5cb236d25438700122aacdf71ca7f6ecd61075b20a493331a6af6aeeacd2f |
| SHA512 | 10d0e29c7b318f37f779b520ce07006800aa1e1fe9662a9d2814c6823c3519b7236cabd7606c7e1e2a11cac5f429a9eff4fc2936aafd638fe03d7b8fa8db8319 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d8e7e2144334e8de2a8aa6066678bbd6 |
| SHA1 | 92009a8c0fa607f95d531324f1d4b5c7fbdafd6a |
| SHA256 | 0175aee03da8918d5ce0a0f311b3667556738b537350571c93640ad15a5b6233 |
| SHA512 | 44e397ee2e4582d0a4ea0ca01a2bd1c497a0dbaf2ed6925946d59340524a1d1a4ac43d6064a4d927a7a74e2828a7fb03d16919e0937851fb2df3c646269b2bc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8bac3eb7e558493a1cf99b375966b72e |
| SHA1 | 31bffe9d80ac2e7751510cb12ec9041e54a65853 |
| SHA256 | f5fd708d56905b01aa5e93ed7bd0df1958bf47e0897668a22e6b183a7c7b79cb |
| SHA512 | d82958a18670afa8abc3499482c4405acfd977a10195e8bf0db235b0f7471ac3be4950d5631605aeb213b87d8d67106b79c1c0fe82b3347d62da0298ff148ab1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b926c9acbb6129df577830cf803d80c8 |
| SHA1 | 4d8922dddd5643eca40878ba45b4df93275f66c5 |
| SHA256 | bf24b405a4c2d1845b31855cbd1a247ed9e5d293f7ed147daf4608e3c62df0cc |
| SHA512 | b5b0dce10c65bc6f70fe5f555fbd2eb961c6c9bab958827bcb3d1fdfa9b8e3b26e015c6a20839469cf4f019bd7b8f8254c069a15836bfda480aa794d50d88a2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2e79fe7aada90ff9fada3c1fb262609c |
| SHA1 | ba4c76194f271e7eda2c02ed23ff669f5fbd3ac7 |
| SHA256 | 9c90a5064ef4f795e752979bd35be9440cee237c04c456a2386fba2226f0a8be |
| SHA512 | b6e4db7107b32d16b685af480463dd8c7708801a232e238c7c80179b09aacccd6b1fa4895de84b96e2bc2d09fe614da497786b13da74704871769236fc1eba24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 95d9445502d50549c3e889cd21f4c7ae |
| SHA1 | ec84ceecefc79322bd827c575b56f761964bcd05 |
| SHA256 | cd304b71da6691b34111189a287a8d2eb3661a163cee57d4a7a267a1afeeb28d |
| SHA512 | da4110f0270871b252f74f73ca4399df83797dd9cadccbe8e9853d5b27349bb92cccfea41d65b6dbc2e49eda95577e0e0b1dce954bd302486eda2b0e0f2a1c93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 25023424dcb4425fb2e71f6820cd4dd2 |
| SHA1 | f7752c14f66be22e3a213523ebf124f75b73cfaf |
| SHA256 | d5becd1917afbad45f67c4fdd67a5c3e9b0772943c295d5c8a04dc9a4ea84d67 |
| SHA512 | 1271446c034485567491541ff683e65493641c80da627407df3878fc296acde99a8338d91be0d260bb4a091129e5f1ece1b1f92eeb833b91d3d341daf82f1fe2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a2b1946df69ad1339c1a84904d77f4b |
| SHA1 | 45a38cecf08543012cdbc7003d1b0a942023c731 |
| SHA256 | 78cd2e461a2bdb67853ceca6012e562f918d6f1598b9d0a99c31a83a29ccc273 |
| SHA512 | 8c4000c13615851ef4d16113dab5198510f081498df5841db98b810be759f3cd17fbbbb7cb18ab6bc43d1411fe46f32c4127d9b2d2d7b7cd693b1ec7b9e90790 |