Analysis Overview
SHA256
718f05fb24abea214e72473e56498ef1e747fbbef50fc60aa89ee570b15b39e6
Threat Level: Known bad
The file 6b5d2b73afd423bf0ec4e47241f68b12_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-22 16:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-22 16:55
Reported
2024-10-22 16:58
Platform
win7-20240903-en
Max time kernel
134s
Max time network
148s
Command Line
Signatures
SocGholish
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "12245" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8475C6E1-9096-11EF-BFBC-7694D31B45CA} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "331" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "407" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "12245" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "233" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "12245" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435778029" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "325" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "492" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2824 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2824 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2824 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2824 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6b5d2b73afd423bf0ec4e47241f68b12_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh4.googleusercontent.com | udp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 142.250.187.234:80 | ajax.googleapis.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:443 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh4.googleusercontent.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 172.217.169.73:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | lh4.googleusercontent.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.178.1:443 | 3.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 172.217.16.227:80 | o.pki.goog | tcp |
| GB | 172.217.16.227:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| GB | 157.240.214.35:80 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 157.240.214.35:443 | www.facebook.com | tcp |
| GB | 142.250.200.46:80 | www.youtube.com | tcp |
| GB | 142.250.200.46:80 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.72:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | d05356f36df864081732da89d61b5c7b |
| SHA1 | 37da0fa589d7acdaca990d994af2a3df97b4aa9f |
| SHA256 | 3aeddc9ad47ceb66ac8611bac30bd52308667a4564a81bf1fc99ed708303ced0 |
| SHA512 | 642da0341b2b99bc30e99e886cb069e039c30cc1cc2d7ccb6cb6672ad2617a454a5d8c0581c69d2d7adbf75a17359e8c4177bf802d3e33b8ae0db938dffddce7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9de7476fdc0bdfcc7b78c40eb0b7ae9c |
| SHA1 | e95ecafe1e4f0da7b4cd6d238d75d367f7c9b5cc |
| SHA256 | 8f4a054cea59ba5bc892962f7ee8c79dafd4ea7e182af0d7fbe3ce89f93750bc |
| SHA512 | 5bc6682c81b5cdea27a198215d02df7e64a53ca5c92d272d2b1140d32deea3d112b596e8eb35e6f79dc609964a32dab6a4ef83b3845b1057b86bd17537cd2cc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 6ddde2472518359a832f4646da35d112 |
| SHA1 | 1d8fdda9ad6e84ba03270b9031320e67603f1a5e |
| SHA256 | adaff66a37c2c029da623a147d7ef82c0163f64e492f3106f9d89d8b89882fa7 |
| SHA512 | f3a804a253c97943217d02a3ef53803ba2ffd2fa3e4d3d53e0cc94fbbb048077061b613e5522265e86f28e6040bbaf2c0be908eb52d156544b265c00599391f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 81d9d4e1bf312b5c4e79f1b3e27a7506 |
| SHA1 | 55d3b2cfa5280cb191ab928b002c73b948f6a36a |
| SHA256 | f3379ad49dd4fc9124f1e6bbe41cdcb9d870cf6b2c6d8674df347e087cf17f4e |
| SHA512 | 77102348db00334a6fa4bbfdacc13b0b364a55ef702ece64559ccfa327bb5e484872a193ca4ca47aa82dee5fcbb79b5523981cd99ac66727754e973d1ffbecf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 773cf8af6b5f5aa3892a16d1b906879c |
| SHA1 | 0a3c4b06658984514d0d1583d5b4993072f0f65d |
| SHA256 | aca4dbe60781ed606e5816b4e523a3a41dece8126da4e72a80cd028b4f449998 |
| SHA512 | d7d0566d64abf15da1f2252d2fb2b10730c74c860bdc47fe6c252416c5fcaeab07c1863680ff05c6590b4d2164f2e8dbc83137f525d3ec8b7cbb7901dcf5fa32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | a17dfdefd210d144356ce34a225b2c8f |
| SHA1 | 9b6dc071f88f7654de29b7bcded6ef94d262753a |
| SHA256 | 3c94248431184f01ca505aadd72d0918e15fe4db7812d1bb9e9eaa1fbed8e56c |
| SHA512 | 579250a7d8a73b614b8aca22ff1ebdf72dd0d958194375a6af44133567228d3d6141624a6f3c2ef0a37c8c9db9ecd65d1056d8a0d7ddd0bd9438c5b7c36cfbaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | d6718b92f631bb8d2e1968fdeb6bfa7b |
| SHA1 | a7a1b2abb8b1820a34e4d1d859448d0be18fcac5 |
| SHA256 | 8ce8d8de1d70bab0d4ae42eb50cf105ff0bb80b756a1a97bd4545450df72672e |
| SHA512 | 2dbd2d3a648ed80857c7fed27853dada00672fd53a004f91e8ac25e74d106738af75f9474982c44543dcab91da25c93069002d649bac7fea14898fada77ce135 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_9462FEE0BB0AB448AAF2969AD544DC73
| MD5 | 4afd1a365c19992f6768b991301bd105 |
| SHA1 | 2bb3ebc4ce0daba734e829c5fb117812526de0ec |
| SHA256 | f4c23dda95f32c8f8d664accae16c1cb084201b71623b42804114925feed0c3b |
| SHA512 | 740817c1a3292fb73d1b95c3cd95197527fe89f42c82bfafa8a7904006f8dfeb5b3783d4ec74607f13b7ddf5b20f009f6e6d91834a65a49dde626c5b1c9ddf5b |
C:\Users\Admin\AppData\Local\Temp\Cab764B.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar76EA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HAPAVL1I\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HAPAVL1I\www.youtube[1].xml
| MD5 | 3d3d59a7d75be0455786f9a461b57657 |
| SHA1 | e95eb8dd970dd863ef2f7a41ed811d7dc0865802 |
| SHA256 | c66c952aa1de29c74533edb706384af8c3499775ac02b4c5e4e9149c9a24108f |
| SHA512 | d85ed83900a4d9ac1804b682af1d2752982db4494b11bb72ecb3367502615d8310ca89a1d7555323a314bc7bc2cc134b8404b7519aee1c89ee1ffff2f4c67047 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HAPAVL1I\www.youtube[1].xml
| MD5 | 9ec3cc2457cdd9a684c13767afe7d4b6 |
| SHA1 | 4f3a0a63066e7dfa8b19a87164363d70f5543b4f |
| SHA256 | cc7b408185d4073fb8948235e05065dfc6601ae676d94fbc0ab18c6fc2e5c70e |
| SHA512 | 02635dd12fd0abbf186071a52f5dd995deea6b600c2acb6ea4944e40bc49d1bf7e13e805f3685df593214e647e5fd8d5d291b7e75bd12b179071fd32fa35e404 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HAPAVL1I\www.youtube[1].xml
| MD5 | ab77e685f0584c683678d6e4e62a4258 |
| SHA1 | 6a7cdfd93db30d8c0c582be989e401942c756283 |
| SHA256 | a695074cfc247c0aadaa03d7f442a0cbde51dbb733522e939ed346aab65d8c9b |
| SHA512 | ea66f8129a2559aaa283f305a374acdcaaba356a8b77e3ded6de9c6bc1b711840b524f6ecf2450bc8b2e1bfd839e4c8e7b570ea5a4425e98bb976150d931bb20 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HAPAVL1I\www.youtube[1].xml
| MD5 | e409f614f334fa2998e39604f492c606 |
| SHA1 | 46390fb0eb25c631cf51a4ee47b5be432ebe40df |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-22 16:55
Reported
2024-10-22 16:58
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6b5d2b73afd423bf0ec4e47241f68b12_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8236046f8,0x7ff823604708,0x7ff823604718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8137089827117431604,12988247800429267917,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7112 /prefetch:2
Network
Files