Analysis Overview
SHA256
81763f5e30c6e0be3492e3a9cb567a07ecc8324cbeae5c3d4bbc122bb8993758
Threat Level: Known bad
The file JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-31 16:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-31 16:55
Reported
2024-12-31 16:57
Platform
win7-20240729-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441825987" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "10976" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ed27dca45bdb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "10976" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "10976" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04519AA1-C798-11EF-A641-5E10E05FA61A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002acb817533ec2d46b43fa84c815304fc0000000002000000000010660000000100002000000073c658d72e6d3badd8a5b4541e5ea3e4cc907c9da71ee1252994531f27729325000000000e8000000002000020000000389bf3833d3e22aca7eb7af5a38afb3cba9c7be73115b9e5ba74483151d060e12000000000975d6c5c7b1c6b34acc25d3a652bfb5ed4d985235f8dffe4b5efcf8e156d46400000002f9392aa0c725bf917daf08e53e1292c14d4bab3552669a117bf5504c55245dfa37b8d832dc000099f7fd929518e708826f7bebda3fdfc6c933a12031c9835ab | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary data not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 528 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 528 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 528 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 528 wrote to memory of 1672 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:528 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | cdn.wibiya.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.intensedebate.com | udp |
| US | 8.8.8.8:53 | i1234.photobucket.com | udp |
| US | 8.8.8.8:53 | perierga.gr | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | go.linkwi.se | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| US | 192.0.123.246:80 | www.intensedebate.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 192.0.123.246:80 | www.intensedebate.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| FR | 142.250.179.78:80 | apis.google.com | tcp |
| FR | 142.250.179.78:80 | apis.google.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 216.58.214.169:80 | www.blogger.com | tcp |
| DE | 5.9.46.15:80 | go.linkwi.se | tcp |
| DE | 5.9.46.15:80 | go.linkwi.se | tcp |
| FR | 3.165.113.31:80 | i1234.photobucket.com | tcp |
| US | 104.21.80.1:80 | cdn.wibiya.com | tcp |
| FR | 3.165.113.31:80 | i1234.photobucket.com | tcp |
| US | 104.21.80.1:80 | cdn.wibiya.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 4.bp.blogspot.com | tcp |
| US | 172.67.164.136:80 | perierga.gr | tcp |
| US | 172.67.164.136:80 | perierga.gr | tcp |
| FR | 3.165.113.31:443 | i1234.photobucket.com | tcp |
| US | 8.8.8.8:53 | www.tealdit.com | udp |
| US | 172.67.174.110:80 | www.tealdit.com | tcp |
| US | 172.67.174.110:80 | www.tealdit.com | tcp |
| US | 172.67.174.110:443 | www.tealdit.com | tcp |
| US | 192.0.123.246:443 | www.intensedebate.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 216.58.215.46:80 | www.youtube.com | tcp |
| FR | 216.58.215.46:80 | www.youtube.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| US | 192.0.123.246:443 | www.intensedebate.com | tcp |
| FR | 216.58.215.46:443 | www.youtube.com | tcp |
| DE | 5.9.46.15:80 | go.linkwi.se | tcp |
| US | 8.8.8.8:53 | webobjects.insurancemarket.gr | udp |
| FR | 18.164.52.128:443 | webobjects.insurancemarket.gr | tcp |
| FR | 18.164.52.128:443 | webobjects.insurancemarket.gr | tcp |
| FR | 18.164.52.128:443 | webobjects.insurancemarket.gr | tcp |
| FR | 18.164.52.128:443 | webobjects.insurancemarket.gr | tcp |
| FR | 18.164.52.128:443 | webobjects.insurancemarket.gr | tcp |
| FR | 216.58.215.46:443 | www.youtube.com | tcp |
| FR | 18.164.52.128:443 | webobjects.insurancemarket.gr | tcp |
| FR | 216.58.215.46:443 | www.youtube.com | tcp |
| FR | 216.58.215.46:443 | www.youtube.com | tcp |
| FR | 18.164.52.128:443 | webobjects.insurancemarket.gr | tcp |
| FR | 18.164.52.128:443 | webobjects.insurancemarket.gr | tcp |
| US | 192.0.123.246:443 | www.intensedebate.com | tcp |
| US | 192.0.123.246:443 | www.intensedebate.com | tcp |
| US | 192.0.123.246:443 | www.intensedebate.com | tcp |
| US | 192.0.123.246:443 | www.intensedebate.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 142.250.75.226:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.75.226:443 | googleads.g.doubleclick.net | tcp |
| FR | 172.217.20.198:443 | static.doubleclick.net | tcp |
| FR | 172.217.20.198:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| FR | 142.250.201.170:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | r-login.wordpress.com | udp |
| US | 192.0.78.18:443 | r-login.wordpress.com | tcp |
| US | 192.0.78.18:443 | r-login.wordpress.com | tcp |
| US | 8.8.8.8:53 | s.intensedebate.com | udp |
| US | 192.0.123.246:80 | s.intensedebate.com | tcp |
| US | 192.0.123.246:80 | s.intensedebate.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 104.22.74.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| US | 192.0.123.246:443 | s.intensedebate.com | tcp |
| FR | 142.250.178.142:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | doglovernews.blogspot.gr | udp |
| FR | 216.58.213.65:80 | doglovernews.blogspot.gr | tcp |
| FR | 216.58.213.65:80 | doglovernews.blogspot.gr | tcp |
| US | 8.8.8.8:53 | blogger.googleusercontent.com | udp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| FR | 142.250.179.65:443 | blogger.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.146:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| FR | 142.250.75.226:443 | googleads.g.doubleclick.net | tcp |
| FR | 142.250.75.226:443 | googleads.g.doubleclick.net | tcp |
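The table above is one row per packet flow, so the same domain appears many times and the two things an analyst actually wants are hidden: domains that were queried but never connected to, and connections made with no preceding query (a cached or hard-coded resolution). The script below, an added example and not sandbox output, collapses rows in this table's format into per-domain indicators and reports both anomalies. ROWS is a subset of the report's own rows copied verbatim; the EXPECTED_SUFFIXES allowlist is an analyst choice (an assumption, not something the report states) for PKI and browser plumbing that every IE detonation produces, and the 8.8.8.8:53 rows are treated as the sandbox resolver rather than as indicators.

```python
"""Collapse a sandbox Network table into indicators. Added example; ROWS is a
subset of the report's rows, EXPECTED_SUFFIXES is an analyst assumption."""
import re
from collections import defaultdict

# | Country | Destination ip:port | Domain | Proto |
ROW = re.compile(
    r"^\|\s*(\w\w)\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|$")

ROWS = """\
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | perierga.gr | udp |
| US | 8.8.8.8:53 | www.intensedebate.com | udp |
| FR | 142.250.178.138:443 | ajax.googleapis.com | tcp |
| US | 192.0.123.246:80 | www.intensedebate.com | tcp |
| US | 192.0.123.246:80 | www.intensedebate.com | tcp |
| US | 172.67.164.136:80 | perierga.gr | tcp |
| US | 192.0.123.246:443 | www.intensedebate.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.250.179.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | doglovernews.blogspot.gr | udp |
| FR | 216.58.213.65:80 | doglovernews.blogspot.gr | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.146:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
""".splitlines()

# Assumption: analyst allowlist of CRL/OCSP and browser-update endpoints.
EXPECTED_SUFFIXES = ("pki.goog", "microsoft.com")


def parse(rows):
    """Return (dns_queries {domain: count}, connections {domain: {(ip, port, country)}})."""
    dns = defaultdict(int)
    conns = defaultdict(set)
    for line in rows:
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or malformed line
        country, ip, port, domain, proto = m.groups()
        port = int(port)
        if proto == "udp" and port == 53:
            dns[domain] += 1          # resolver traffic, not an indicator
        else:
            conns[domain].add((ip, port, country))
    return dict(dns), dict(conns)


def summarize(rows, expected=EXPECTED_SUFFIXES):
    dns, conns = parse(rows)

    def expected_domain(d):
        return any(d == s or d.endswith("." + s) for s in expected)

    return {
        # queried but never connected to: script/beacon that never fired, or blocked
        "dns_only": sorted(d for d in dns if d not in conns),
        # connected to without a query in the capture: cached or hard-coded
        "no_dns": sorted(d for d in conns if d not in dns),
        # deduplicated ip:port per domain, minus the allowlisted plumbing
        "indicators": {d: sorted(f"{ip}:{port}" for ip, port, _ in s)
                       for d, s in conns.items() if not expected_domain(d)},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(ROWS), indent=2))
```

On the subset embedded above the query-only domains are 2.bp.blogspot.com and s7.addthis.com and the connection without a query is ieonline.microsoft.com; run over the full table the same two query-only domains appear, and www.google-analytics.com joins ieonline.microsoft.com as a connection with no recorded lookup. Both checks are far more useful than the raw row count when deciding which destinations belong in a blocklist.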
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b983e034726c96cbd74bbae44ff3087f |
| SHA1 | c124bc5843682eed7ef8e4c676b035d280b65e30 |
| SHA256 | 87bfad7e3eee4555da2c7bedd90bd8c3fbe230756139e89d5f960cca836a6b16 |
| SHA512 | e9dc5de2c3dea630c015515cdcaace22c6d3e8104d13f52eeee5cee784af875756d451fec3ed962031fafb33346000d1dcca329c5f809d514bcf11e6125fcb70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 33e7e752397bde42a600a891388f23e0 |
| SHA1 | 66318656078c4e6e6e6e5237baeb510ec5a2aa4b |
| SHA256 | 58dba2ba487e75996d6d6762b1c5ce8d432f0a200333e3a7093168f4bba2e356 |
| SHA512 | d055c150684b54cc774d2573e25a5cbe00eb0da297c903a46a60409ddbc59baac611c6ad3b098bfe109f09e0d74e0b34b009bbf227d661f2abd40da6623e7ddf |
C:\Users\Admin\AppData\Local\Temp\Cab8123.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 48ff4de810914e1bd84e8766749bdca9 |
| SHA1 | 02f84a7ded113ed173417c9a4f6244883cc55e3b |
| SHA256 | c71707a9d866b2ce645643d131b0c931f8f30a6b81e2ff12d1ce2dd6726c1051 |
| SHA512 | e2a1b6ff3da546b570d454eefbe885f267d98d62ed09e3e99505fe66475f40f8456f6d3ee408e5cef63a36c5c3ee78f65a7ed6c7a91523d9623a29449ea809d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\Local\Temp\Tar8146.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d564f244e735110d3faca66fbc49f02 |
| SHA1 | 7462120905fae520dadf3435a269e9ebd6751871 |
| SHA256 | 19633924e8f4776f9852c4a1e54740beed63d8d23d4dc2d925992e97379c8772 |
| SHA512 | 62855adf321daae75641f360fb822e55123e005233b5e02b505d75bd3544b9475304fa4b055e2bbd7d039e572c830db1101b2feeb639e4f634d6f7485e12ca19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_2AC354D163B9A95ED11B23DFC6FCD931
| MD5 | 63961e45588d412dbfc6889d05eac5c7 |
| SHA1 | ab26672c750c6015114dc856d9cf60edfacd132a |
| SHA256 | 65756d960b30fcec67e58d508df0c16a9be21a70d5398d9701a684f0b2b99e66 |
| SHA512 | 842b1549ff94ccc72e02bdd9d43d3d230963502f95817faf2568b9a582f62fe91bc64aff80ffb8dbfe9a216e03b53076d664940121b99f42859e481128217937 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 535686750b9e4f8e82e0f98267f0abee |
| SHA1 | c39f20a1dd8b4e3c12586248d2472cce8fb7180e |
| SHA256 | df4c4122d05d7f0bbde24e540c4e294bfad38f7aca9b7b2249664367a1c14581 |
| SHA512 | 1b64b4244d6666e60d8e21f87263fdb023a52b4a92e7b63c4ef1fa6aea43965fd1ca3a950a83d86afabb1530d3e73961bfc4b1a4d763bd7f56cdb0665f4a8da8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\plusone[2].js
| MD5 | 3c91ec4a05ec32f698b60dc011298dd8 |
| SHA1 | f10f0516a67aaf4590d49159cf9d36312653a55e |
| SHA256 | 96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf |
| SHA512 | 05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\crl[1].js
| MD5 | bf85596e03bb78f777a0594c86522ebb |
| SHA1 | 68fbaf69eb6745adcf32669e6f97e616847d6ed6 |
| SHA256 | 15928aa05f60c793d4dfcdc4ed2ffad125b78face4c755cb5c2bec4d381e935e |
| SHA512 | c4bfe5207728937359efbdc0ca7963a348dc8fb31e9f3b003490a3192edb2ddbe4199660d8010b196d514e7908f5f1527b6ea705f0e720a327f2029f58fe8860 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml
| MD5 | 354b8c7fe937885e54a0fcae963f21cd |
| SHA1 | 1c60bd0d583e466fea91e150085fdc48239ae873 |
| SHA256 | 623dccaab6906d5cd67e7dcde9ba88657e9354209ac58fc0a2d7a2ee1369ba78 |
| SHA512 | d9fcde4932257454f1eecaead9452b10201782cc6133fdbd7345c3d4009abd6a2b34c2fa647753097fff3fd59b1da4a0bf1aea796fb7a813c8bfa94ca8d29b88 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml
| MD5 | 5a48ae9f8b1f4256cb7e90226574eeab |
| SHA1 | 86026cbd5dee1e5651aa2f72c7a15f25287fbc5d |
| SHA256 | bdc23c91c360c4681a4f8a85db610373d98ad2b3110659ec57abb08fdbc8fd31 |
| SHA512 | 6b175300d36bbc4691f035c2fe5662d9624763c0fdc8b9b839305c77d3fed78290af4983f4bc7b6727f9871bd37069b8bb26352b94382d05c06cdbf439e7d4a7 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml
| MD5 | ce9b572916143e3d7f0a086eb9d72a27 |
| SHA1 | c4da7df015df6b0faa28dbe69c22922151b43376 |
| SHA256 | 7a120c65fc77c234524d9dc296a381c99d1b3b8de4549e7157fc42c0c166d505 |
| SHA512 | 09a8ac9cdfd87512ee48275c0bc335d5ca08ed649603ca15c3c0122a372a209d3f959aaa24e206cb0cb4c9e54df1da2a0fd6c0027562a8ae3852ab7a83a41916 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_DFB78462C65FAC2750B89E1A8A1F9A53
| MD5 | b33f3f640db8458f79fa6405aef8319b |
| SHA1 | 4b1b05cebf564ff8645ec7792141b696c2b15001 |
| SHA256 | e077cd807e199e07ff92abcbb428836ee4b9437afc50be8ef529427ebd061ad1 |
| SHA512 | 47a69938b3171f6a6b509311bf1f3599da569893fc3d1bbce3bb4b4da13e9eb33aa81abc1a9e922f3d5e6b3f029418e16e142f1590f092a83d0ac3491f820352 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml
| MD5 | b0ad3e02392977acfcc9b4bda6d1d0f5 |
| SHA1 | d40184dce4ca57a6c160a11edde2342de12fcd1f |
| SHA256 | 85d9f806587ce7037fce4b03304908d1634b49b5ead51e5f62fa7e3ae31d0bb0 |
| SHA512 | 8da33b0b0ed02706b3c0b118b9fcfe874aca21bba16e339537d0960fcb09715670abdf7ed9d6968363cd10d4ed6bc3f6074998287f092b54520c24ee2423da80 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml
| MD5 | 9498994000875ab9ff9f8bd5d33ce271 |
| SHA1 | 016afb2226fa02eb5c96413abcf7ca857ea7c979 |
| SHA256 | 22581f243bd5103e1b34710841c7f6ede24d424daedc1423565fc3d800409305 |
| SHA512 | f47457bad572931dd7d168c8fccd3c34aca3b40df65863759247f193a7aeeabd9cf0185295a6411a82a66080d63341d96400ee47c6beaecffaa2b81edfdfe850 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AP1ZYD8\www.youtube[1].xml
| MD5 | 550e23af62cb287cbfbe5e9fa98c4c2a |
| SHA1 | 233bbd6ba2fc6f9f116fcffd4d3a985bb1d1f911 |
| SHA256 | 7b95038c81257a57fb3a337ecfcefd65bcb91fcd54a96c7da86b7043035ef6a8 |
| SHA512 | b2547b058c7ccd03f70164f77e14f825df5f822cd5b522ae455a9cb225acd28a95ce96e564cd26e239bb06607adde68da3ead4a742dcafa4a209d757fcf36076 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3beb8bcca8818f109421837a10e46a16 |
| SHA1 | 7c6b0f1f7a7da584d3365b422782382ff356c769 |
| SHA256 | c1b9ee27a82a87d0eeeecd55ef26fa8b257901a1ea865364cae646c2cb8f84fd |
| SHA512 | 8284e43354881f445739b6d183d54f7bbdd06e50f65536842bcb728d7f4a317c3b7fea6c9a060c84ceef5f3ec78612577370944cdd408b6c7481dae82f6f0024 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6cf248a840c5f546b65e976769bf8792 |
| SHA1 | 7026cba0a623afe7bdc3ef03b4eb870a53ef7e20 |
| SHA256 | 04a0a18cfe71f39460b6e2104e8c2c4998d0bbe12b083e1e4168781b039acb89 |
| SHA512 | 503d9f87b5a9ca5ce17a61ef308725e7d00848e8f9d10a692f02f8149cc514df01bd001e74dd891c2fae3dbba49550bdb5be9c303702cd9c3c71e002170f9734 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a454652bb7a381c07ff4d21d4ccaf099 |
| SHA1 | b10384b6ad3ab15cc63a6f1aa9c46d6d33c6ff20 |
| SHA256 | fd6cc6ba86cac8763e15066cce012295fde9c35d372b1ab768fe3817117098ee |
| SHA512 | 53c70bd740c6ad0602c785292e378e455be1757c1b40347a8613fa8e1ffa282ff9a0dd5cbf8d3a45188acf6a1d1621337389df5476a734f7249a411c5cf54623 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 066efed8728eae3a902ba24e08835ce2 |
| SHA1 | 949b588431cf44ecda9493173dd4419f8bdadfc5 |
| SHA256 | 9a13476cfc22b521c361b73e1a2592677ee4a2731442837a93e3274768fa3603 |
| SHA512 | 5a09304f67fb59a57a94ed584a953278acacaa6f79f605bf0843bf569f4c0f5a9e00a9549e4a3cbfa7c4eb65dfd84383123af35ac09630221bd3235099ad980a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd0ddbe7a9013f66b9aee634793f417e |
| SHA1 | 65fca2e6c748343f0984ea881f01f4821c78f77e |
| SHA256 | 8b56c20b006be587f23c321767796d62f4011597dffd99bc15218d680c36202b |
| SHA512 | 274ef6d48a0ccd2d47795b496c2a85760f7a76d8178c753c140b0a23c5d1bdc7d8c0fbafa70b19f7549963bc6dd66670c2f84ab7a539710710177f16298986d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0263d7e20b5b7ef169eff6431324feaf |
| SHA1 | 01c8f63df5073733b5d98af49e1600cd53cebc49 |
| SHA256 | a1a38c7c137d54ea7118eab825c26ce13e060f5d2814cb4443fa3ec1c086edfe |
| SHA512 | 643503e3571066d8eb3d639bbc48ac10ff0c8111b67e27ef00bf8f10e104b2bdd1dea01458cd0bccad71057fb5a1d2e36b435ea52dc01a1e50496a951c104870 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0cae492caf25477e4ec58aade04165e |
| SHA1 | f60327d6a9fff7b2865efabf115a48eeb0d42175 |
| SHA256 | 33904781ca82dac76abe1bd1b0b67904bbaa536e8a215d4b45011016c0289620 |
| SHA512 | 256eda4b0f78c2b38d7bd176d0feb3a94e1e88b5474577c2574b5f8c00916b45ea6e6d6373ce67943d3ec297832ce280ae0bdf9102a42e35d1f7cdcc70c697ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31a99c405cf14714aa538c0bce560341 |
| SHA1 | 59d0501ca0234d4849f8f4923174846e8d203948 |
| SHA256 | ecd8c1c0e245f593be7468fdee9ea6f83f9f1a5b37c9eedfacb448257e41706e |
| SHA512 | 9ff155df59d540d49855c2a3d4788e2479c27f51da8aeb7d8d946d16342ae5fa99e3118c29464e9eb75a4a958393b00d21bac33bbd66c856d0e580c5ee00c2ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3edde867ff527090c2647a4d4cb2ea2b |
| SHA1 | 426f1142858d44b4f5bc00d0d415ef507cfb7bee |
| SHA256 | 68aaa962812e1fdf08b1d195b2a05c44278591872121d677562a3e9aea47dec5 |
| SHA512 | 6646737cae548ed8a06b1d6f20f98cc6b56bdbb63bbf56895b712b79b6d0afcc0fd1935188e5cb02dcc5941fdbb1e4c3cafe3ed825484e5571aeac36647f88fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 390fa2cc3270abb91b7c22b84f2a59a3 |
| SHA1 | 082856ba69a32a6000109f0df96e52a1719b1b49 |
| SHA256 | b9f4fe5c0af37fcb20d083705bc115ca69e010a4a4ce01dd443f8029e73663b7 |
| SHA512 | 8366cb01b07cc87887490918d8912e159baf71f993e386f02cec145bc84f962036b77bcfff5e0310d29b49960919a2db599a28ba4f33b49c89a2fb4eebde4e01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f414fb409687358860aba18e6e7a344 |
| SHA1 | 5e78414e47452b9eac99ea608e9ecdad842d506c |
| SHA256 | f9d67f937fbdf8885a87e1c967f8621a3f82cc723eab0bb0a38c7a03a55ceea4 |
| SHA512 | 7390d88115519445d93494131b7dd83778d34d1f8f11d252c6bccd9981916faf7e471977feb0c04b1a8fe6f46c80c28a67a88e4b35e68c7bae5a686e1c6f3f1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 364f4514d62db4ee318333271f06b874 |
| SHA1 | 866e9cfe274b83951a44f2aca1f7083882243a4f |
| SHA256 | 6dda8f1cf58a7690a3ee5656eb4c45bfe969d0920ea67923db3d7772b81ad79b |
| SHA512 | 7489fec7f262a2e85e873cf75e3126b27537adaa748017d48bf9f2d207e67d61683e924e05f1b0504a64a1ce9679a68c9c709e7ff6d977f87af2d153246b4d60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f01b388a174d729a2611ae82f24f558 |
| SHA1 | 069de11fc02cb8b2a22effa2eda952ef775e7800 |
| SHA256 | 59ad08ef3081e12607cc3daee171e7d4585c865c4e9666a96d781e1744787b38 |
| SHA512 | cfd72c7f5be1d17a7aad5fd8c347a8f4712d56bb1e5b690265161194bf07ce1b33c314b4fe22b94824163f3a3ef795ec9aa6ea90d3ab09a303289d5ffd05a791 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5f33cbc5c3dd2f7b06b71146d36f49d2 |
| SHA1 | 05c3bc6784bae8f2cfe80b8d458d8f7c2330f36f |
| SHA256 | 48826838155c0fd289b59c971ad96664dc7b3ede49cf5afc164ef97de11807ef |
| SHA512 | f4c8b7c3097cf835c0488db8516523b08a02e81e490510ba34a9251016cf734327afe5e2b2bfb40998d681fe1ca78e68cdecc55ca7154713b801e100910fbffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c82579dea2b2ff8b2fccabb821407cb |
| SHA1 | 18c954d06606e11cdfe045c0696b66912ccaead9 |
| SHA256 | 8adf115b789bd21052db1332773ce93cd43a731bf1eb19f3917357ca6c322332 |
| SHA512 | 675d2f5e4781b92ca23a0bb2b253c5dd42162c9ed30ac5339336ff1f24f1af7883de181acc0ef2d4ef59cdd21114d1458506b3a304ec982912604cf99d8f72f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6923d0faf4a16a6377da2ca7d5eab891 |
| SHA1 | 0b8958fb5f5ee0e4080d5a1d9bc801b653edd05c |
| SHA256 | 660ef2e8ebf1c5467e0c9a1eb58fa5424116ec5660d43d950f77a1efc440e875 |
| SHA512 | b39df76f48509712cc44685096e076fa4aa90fbde362dc7ee0a7fa97235c1d2ed9fc75fbb9965933df65d582e6b0e4f321246559d088e1f96cab3ee89f49e562 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 1e75a67ce8bac73b64e073e7d577f478 |
| SHA1 | b3b96343c0a635db1dcfc587eba9295696c6971b |
| SHA256 | 36aa043af17fe10e3c83b170de5ba8ff418e746a918af12bcede09dc2aa1e2c9 |
| SHA512 | fd76d480094e8d77560852c4d70ce206a5f76847b028e1ec716f09e20d5c7cc94dd26463274973caa805e4486871916cb62f761e777c4452ee17dc0edc977917 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a0c119ff2b9cb1580d25893c1bcf834 |
| SHA1 | 66aa0b96bb42da574910c8a175585478531e1038 |
| SHA256 | f19711c468905cb4ce36b0797c73f31002a38d55553f7e60f8e0c17cb30b5019 |
| SHA512 | a58f0decdce82acc6611b2f5857e94504d332355ad6db24d8f1bef63a4fce43ad75b7a3de33c29668075267ac8c3e1bbe4fa678afa5b9841b4baafd851b41a56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f6aced1880365065ad9e0d9fe993b5a |
| SHA1 | 5b5b3dae2bcbe4d71729213e170ed5f6043f4a17 |
| SHA256 | cda20e789b8397370ee80775d22550b5086a16977c48ea1060c02641fb2da525 |
| SHA512 | 6b121d866c193b6e55916ffedee065f4255b2809609f6ff4034a0668f8889b497145a23b2aa57dfa390295e26122efb984bd97b1c9d901c5b4d2a488b20ecf9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5eb409056477e92d8b0ee9c906fde02 |
| SHA1 | 22eab7217ed1c301237931337e0b1940515afb41 |
| SHA256 | f6d21ab658cb706067b836e758138196adba8cf46582892288ca4c5bb660eec7 |
| SHA512 | 2240c76a273398e41cf2b594986b1e4a61d3438d1be32c996e5e29567d0f4f0d76558cfb72318c4bdcebfa30494cb00f7e080649977c13975930c6b458f39426 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5897e837f7f9dda4a0c5bef3da351c7f |
| SHA1 | cc73cf47c6914a127955e4d62864dd76f499d33f |
| SHA256 | 2b7dbf4819904b0b76509ba0b8ece0a9ea085a86d1b2d3b1487787ea9522f01d |
| SHA512 | fb1b9e4fe180c3ec7e9892545785bd14f2dd8b05c6f98d9c2b1309b389a92b254966a5daceca094f586a635dc89d282255dc5b522a27244d2111131987ff5cf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2090631972228d47a785cc056c962201 |
| SHA1 | 209efc07ed6957360db342c26fc40af6136d2318 |
| SHA256 | 98744c8bda18f0ea8f24d20de36e06e8f43af5607603561a917778fe44f97bbb |
| SHA512 | 11b16a0f595532c336c35c16b8f9cfad2903bc101ac2633251c3eafbce60e6aae5f9a3467351f1d468a67cdc7ed5ebc53337ca3a08ba959d92c29127e1e1ac40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29dcb89a5122c01528f8c1f628582cf1 |
| SHA1 | 1b44bd885d4c7db1e1355a3faa3d7a9f3638f484 |
| SHA256 | 326889d0a510535f7c38189b830b44b776bcbb3ab38fb97c1c80387e4b751c5c |
| SHA512 | c51b7fd09f21c11edb69ddc55845d677f60ac24a9e7e56b4321f1d0eca16c36b731ad378d1edd16f3d4af0962d69308aa39d6795dbd706c78e65542401be38f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecb296b062e3ec7c310e6747771ef60d |
| SHA1 | 10fc48ba00acf7c864250065a73a9707f937b88d |
| SHA256 | 95e692fd6c5fdd3b1b3699070b5669ef24f2fc46e168bb772f6061e14feebe69 |
| SHA512 | 558b93bec10acbc1139aabb318dcba94b278136f36e6720212153cefe9dbd01ff1179452298ed2fd0928338590cd3f4be2757f7b030966c912691ecd50e72f2a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-31 16:55
Reported
2024-12-31 16:57
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
145s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_29b936c7a4979e6e28e51932a8dcb17b.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0ac646f8,0x7fff0ac64708,0x7fff0ac64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9875555891264629553,6812358186962417109,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.wibiya.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| FR | 216.58.214.169:443 | www.blogger.com | tcp |
| FR | 142.250.75.234:443 | ajax.googleapis.com | tcp |
| US | 104.21.112.1:80 | cdn.wibiya.com | tcp |
| FR | 142.250.179.78:80 | apis.google.com | tcp |
| US | 8.8.8.8:53 | www.tealdit.com | udp |
| US | 172.67.174.110:80 | www.tealdit.com | tcp |
| US | 8.8.8.8:53 | www.intensedebate.com | udp |
| US | 192.0.123.247:80 | www.intensedebate.com | tcp |
| US | 172.67.174.110:443 | www.tealdit.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| FR | 216.58.214.169:443 | www.blogger.com | udp |
| FR | 216.58.214.169:80 | www.blogger.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 142.250.178.138:445 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | go.linkwi.se | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | perierga.gr | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | i1234.photobucket.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| FR | 142.250.179.78:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| DE | 144.76.151.218:80 | go.linkwi.se | tcp |
| FR | 142.250.179.110:80 | www.google-analytics.com | tcp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| US | 104.21.10.213:80 | perierga.gr | tcp |
| FR | 3.165.113.12:80 | i1234.photobucket.com | tcp |
| FR | 216.58.215.33:80 | 2.bp.blogspot.com | tcp |
| GB | 151.101.188.157:443 | platform.twitter.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 192.0.123.247:443 | www.intensedebate.com | tcp |
| FR | 3.165.113.12:443 | i1234.photobucket.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 247.123.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.188.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.113.165.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.151.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 142.250.178.142:80 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| FR | 216.58.215.33:80 | 3.bp.blogspot.com | tcp |
| FR | 142.250.178.142:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | en.aegeanair.com | udp |
| DE | 144.76.151.218:80 | go.linkwi.se | tcp |
| GB | 88.221.134.195:443 | en.aegeanair.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 142.250.75.234:139 | ajax.googleapis.com | tcp |
| FR | 216.58.214.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.147.35:445 | www.facebook.com | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.179.139.118.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.8.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| FR | 142.250.179.65:443 | lh3.googleusercontent.com | tcp |
| FR | 142.250.179.78:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| FR | 142.250.179.99:443 | ssl.gstatic.com | tcp |
| FR | 142.250.179.99:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.72:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | udp |
| FR | 142.250.178.138:443 | jnn-pa.googleapis.com | tcp |
| FR | 172.217.20.198:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | r-login.wordpress.com | udp |
| US | 192.0.78.19:443 | r-login.wordpress.com | tcp |
| FR | 142.250.178.138:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 216.58.214.174:443 | play.google.com | tcp |
| FR | 216.58.214.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | s.intensedebate.com | udp |
| US | 192.0.123.246:80 | s.intensedebate.com | tcp |
| FR | 216.58.214.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | gr.linkwi.se | udp |
| DE | 144.76.151.218:443 | gr.linkwi.se | tcp |
| FR | 18.245.175.46:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | 168.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.123.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| FR | 142.250.179.72:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| FR | 18.164.52.95:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| FR | 216.58.214.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 72.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 57.144.120.128:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 57.144.120.128:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| FR | 216.58.214.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.70.197:445 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.71.197:445 | static.addtoany.com | tcp |
| US | 172.67.39.148:445 | static.addtoany.com | tcp |
| US | 104.22.70.197:139 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | 86.49.80.91.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | cdn.viglink.com | udp |
| FR | 18.244.28.122:445 | cdn.viglink.com | tcp |
| FR | 18.244.28.25:445 | cdn.viglink.com | tcp |
| FR | 18.244.28.18:445 | cdn.viglink.com | tcp |
| FR | 18.244.28.110:445 | cdn.viglink.com | tcp |
| US | 8.8.8.8:53 | cdn.viglink.com | udp |
| FR | 142.250.178.130:445 | pagead2.googlesyndication.com | tcp |
| FR | 216.58.213.66:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 57.144.120.128:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 57.144.120.128:139 | connect.facebook.net | tcp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | udp |
| FR | 216.58.214.169:443 | www.blogger.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
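The file-hash tables and the Network table above are raw sandbox output, and a practitioner normally wants them reduced to a clean indicator list before they go into a blocklist or a hunt. The script below is an added example, not part of this report or of the sandbox's own tooling. It groups digest rows under the path line that precedes them, flags entries whose digests are the well-known empty-input values (the crashpad named pipe in this report is one; such rows describe a zero-byte artifact, not a dropped payload), drops `in-addr.arpa` reverse-lookup noise and the resolver itself from the network indicators, and separately lists TCP connections to ports other than 80 and 443, which this report records for several CDN and social-widget hosts and which deserve a second look before they are treated as attacker infrastructure. The sample rows are copied from the report; the function names and the port heuristic are this example's own choices.

```python
"""Reduce sandbox-report hash and network tables to indicators.
Added example; the SAMPLE_* rows are constructed copies of rows in the report above."""
import re

# Digests of zero-byte input. A row carrying these describes an empty artifact
# (e.g. the crashpad named pipe in the report), not a file worth blocking.
EMPTY_DIGESTS = {
    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
    "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
NET_ROW = re.compile(
    r"^\|\s*(\S+)\s*\|\s*([0-9.]+):(\d+)\s*\|\s*([^|]*?)\s*\|\s*(udp|tcp)\s*\|$"
)
RESOLVER = ("8.8.8.8", 53)          # the sandbox's DNS server, not an indicator
WEB_PORTS = (80, 443)               # expected ports for a browser detonation

# Constructed sample: copies of rows from the report's Files section.
SAMPLE_FILES = [
    r"\??\pipe\LOCAL\crashpad_5072_EHQESSREMHWEJEJV",
    "| MD5 | d41d8cd98f00b204e9800998ecf8427e |",
    "| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |",
    "| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |",
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
    "| MD5 | c37631ed4afcef77cd073eb1430029f9 |",
    "| SHA256 | 41e30544c4bbfe35bb80bc2cda836f3dd5cad1f2241934a15dbc9236fe722573 |",
]

# Constructed sample: copies of rows from the report's Network table.
SAMPLE_NET = [
    "| US | 8.8.8.8:53 | www.tealdit.com | udp |",
    "| US | 172.67.174.110:80 | www.tealdit.com | tcp |",
    "| US | 8.8.8.8:53 | 1.112.21.104.in-addr.arpa | udp |",
    "| FR | 142.250.178.138:445 | ajax.googleapis.com | tcp |",
    "| US | 104.21.112.1:80 | cdn.wibiya.com | tcp |",
]


def parse_files(lines):
    """Group hash rows under the preceding path line.

    Returns a list of {"path", "hashes", "empty"} dicts; "empty" is True when
    any digest equals the empty-input value for its algorithm. Lines without a
    hash row after them (section headings) are discarded.
    """
    entries, current = [], None
    for line in lines:
        line = line.rstrip()
        m = HASH_ROW.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            current["hashes"][algo] = digest
            if EMPTY_DIGESTS.get(algo) == digest:
                current["empty"] = True
        elif line and not line.startswith("|"):
            current = {"path": line, "hashes": {}, "empty": False}
            entries.append(current)
    return [e for e in entries if e["hashes"]]


def parse_network(lines):
    """Return (domains, endpoints, odd_ports) from Network-table rows.

    domains   : sorted unique names, reverse lookups excluded
    endpoints : sorted unique (ip, port, proto), the resolver excluded
    odd_ports : (name_or_ip, port) for TCP to ports other than 80/443
    """
    domains, endpoints, odd = set(), set(), []
    for line in lines:
        m = NET_ROW.match(line.strip())
        if not m:
            continue
        _country, ip, port, domain, proto = m.groups()
        port = int(port)
        if domain and not domain.endswith(".in-addr.arpa"):
            domains.add(domain)
        if (ip, port) != RESOLVER:
            endpoints.add((ip, port, proto))
        if proto == "tcp" and port not in WEB_PORTS:
            odd.append((domain or ip, port))
    return sorted(domains), sorted(endpoints), odd


if __name__ == "__main__":
    for entry in parse_files(SAMPLE_FILES):
        tag = "EMPTY" if entry["empty"] else "file "
        print(tag, entry["path"], entry["hashes"].get("SHA256", "?"))
    domains, endpoints, odd = parse_network(SAMPLE_NET)
    print("domains:", domains)
    print("endpoints:", endpoints)
    print("non-web TCP ports to review:", odd)
```

Feed the whole report, rather than the sample rows, by reading it line by line into `parse_files` and `parse_network`; both parsers ignore lines they do not recognise, so the section headings and process listings pass through harmlessly. The empty-digest check is the one that most often saves time: a named pipe or a zero-length cache stub hashing to `d41d8cd9...`/`e3b0c442...` should never end up on a blocklist.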
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_5072_EHQESSREMHWEJEJV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c37631ed4afcef77cd073eb1430029f9 |
| SHA1 | e9562a7dee1ad6a6581700f40fb48144c364456b |
| SHA256 | 41e30544c4bbfe35bb80bc2cda836f3dd5cad1f2241934a15dbc9236fe722573 |
| SHA512 | 927ebf42f5458ebff93c75abda1ee12547acde4dfbe24c62738873291122bb7eca80f16e0f14333aa9e9c9bc199687bc4b0c17efb2115d7723dfe0439ee9e62b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
| MD5 | 2ebfdbd309ee762211b4a2ac39708c4d |
| SHA1 | b002922c672dbe1dd4caa02af24d0b1e7da616af |
| SHA256 | 54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797 |
| SHA512 | d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 71ecbf160ebf483b174a58d4997e24e1 |
| SHA1 | 687d4573c2b6df85b80bd8b203fc8f0bca137fb0 |
| SHA256 | f0a79d929a19f4f690f740ed0a916f879fe9446e8c4b452fb5869914e1947012 |
| SHA512 | ebbc47439a6b4ea7eda911c6cd033e519225cb621f47f3ac377062aa8a79b78a27989899e2abac6aad85c289132992fe8e4921298daec6ddec6251a912ee5d1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 147bc9c8b98a7ac7333b72d48d85c7a6 |
| SHA1 | 38b9128323b4a13f624ba88444e96aec521c0653 |
| SHA256 | 6acb01534cd37b17fc1cfd93af7be7fb84e87b7fce13b8a4a10ac0ab0557c437 |
| SHA512 | 19524f78cd2ef2a7f8e222fce9ab6c97cc73c3f83172ce081d5ece85d650068b0968e698a168c05a66bb51c25f3165b975480ae1b92bb6f3a7c36a57ea5cfe7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | d0a50020e4d8c905a5347117951a93da |
| SHA1 | ab40c5c3068951ebce6b152c47432bc585da293b |
| SHA256 | 9f8b01e282285807e46b64dbad1a1de76615ef612bded4dda9cd98fc971d1d3b |
| SHA512 | 7a35300beb0be19ce88f78eeba78e795d457f6ca8d1e2c92455bef2838891ac7eb67d069e388cf8ec6d5433662f42445ea1c19f4dcce2e4bdc37b4a8a8168c73 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dd02.TMP
| MD5 | 613c323913cbb839763fa071a0ce2721 |
| SHA1 | 3fab0734df3adfec97a894b87803187f11fc93b8 |
| SHA256 | 1588c4f69f9fd0a5cf5aada5092f2bc9eac7bde895722cab4102cc9f02ec3fc0 |
| SHA512 | 7f0c3558d8f97329479309f16b2b6c4f6075039429024b4338e38f2d047ce3d83358076c7019997ad82c5415ee851a587957c496f01e41f992428ab9e2699e09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f667d894d771bed47420d28273c5a5fe |
| SHA1 | 307f4dad3138fe92017ccbe67ff4d91456f232ae |
| SHA256 | 2bc1c5a6a9799dba838146dc104d3c239ff63d43d863dfef89996fcd946297a3 |
| SHA512 | cf8c2dfb204ad8a469fa7aa58530af5fdc16b71bab130cb25d752f0a722c8d45c983b1021ba622fe276b61edf4861155c3f8242f87e6996b5f75c04cd82a5ff6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9f60b3b604a77cc08495a199c5cddf91 |
| SHA1 | d5c5d0ad839afe057455400f222810d6e034d473 |
| SHA256 | 89162e3433b1787307da06df0904f3667a7853c7fe650e95f4dc8637249ca7b1 |
| SHA512 | 2d6455e2226ebae77b75915e1b7e5362fce6d3243afe9b19d1a8ae3d3aa1a84404a23d11be8ba328fa46b896c9605ba138498244d36490ad96579cc415886f1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b72007bdbc55bddefea1aaefc9f7e093 |
| SHA1 | 6612997ff156e9b2d578021e0966688a06da2d3c |
| SHA256 | 7e946b4ec8655cb2ed70d875355bb4fd5cd36506b57bcd13e61ab80cd21216a7 |
| SHA512 | fd1fd5d665ff382d0f97d5b8a395bd51a08488c3d57b9350ebb84f93f2ddf29a8d9689c7b272680650ab5ccee7e8ba05988517f2995b9c9962bfd5b79ebb9a3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 09c7c10b19f2f90b8763e7e40dfc84b2 |
| SHA1 | be2ce5ff5ef0d960aaac7f703e1988bd410fe656 |
| SHA256 | 740721c9c655b5bc1250670d9a4c6c053448a75c87fa86e4126363f5b619a508 |
| SHA512 | fb81d731cbaa6560dbe829fcc38db4eea5bf40814be270b2c304e47354818d36732a51f0ca9efb06a60d274a46aeacef1b90d1cd04c47ddc2c451a4998ef25a5 |
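The network rows and the Files block above are flat `| … |` tables. The following triage helper is an added example, not part of this sandbox report: it parses both table shapes, deduplicates file records by SHA256, sets aside browser-profile writes and zero-length digests (the `crashpad_*` named pipe hashes to empty input), and flags 445/tcp to a public address for review. The `example_dropped_file.bin` record and its digests are constructed placeholders, not indicators from the report.

```python
"""Triage pass over flattened sandbox-report tables (added example, not the report's own tooling)."""
import hashlib
import ipaddress
import re
from dataclasses import dataclass, field

# Digests of zero-length input: a dropped "file" with these has no content to hunt for.
EMPTY_DIGESTS = {
    "md5": hashlib.md5(b"").hexdigest(),
    "sha1": hashlib.sha1(b"").hexdigest(),
    "sha256": hashlib.sha256(b"").hexdigest(),
    "sha512": hashlib.sha512(b"").hexdigest(),
}
# Browser profile/cache files are rewritten by ordinary browsing; they rarely identify a payload.
BROWSER_NOISE = re.compile(r"\\(Edge|Chrome|Internet Explorer)\\User Data\\", re.I)

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
NET_ROW = re.compile(
    r"^\|\s*([A-Z]{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|]+?)\s*\|\s*(tcp|udp)\s*\|$", re.I)


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)

    def is_empty(self) -> bool:
        present = [a for a in EMPTY_DIGESTS if a in self.hashes]
        return bool(present) and all(self.hashes[a] == EMPTY_DIGESTS[a] for a in present)


@dataclass
class NetRecord:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_files(text: str) -> list:
    """A path line opens a record; the `| ALGO | hex |` rows that follow belong to it."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is not None:
                current.hashes[m.group(1).lower()] = m.group(2).lower()
        elif not line.startswith("|"):
            current = FileRecord(path=line)
            records.append(current)
    return [r for r in records if r.hashes]  # drops headings such as "Files"


def parse_network(text: str) -> list:
    return [NetRecord(m.group(1), m.group(2), int(m.group(3)), m.group(4), m.group(5).lower())
            for m in (NET_ROW.match(l.strip()) for l in text.splitlines()) if m]


def triage_files(records: list):
    """Deduplicate by SHA256 and split into (actionable, noise)."""
    actionable, noise, seen = [], [], set()
    for r in records:
        key = r.hashes.get("sha256", r.path)
        if key in seen:
            continue
        seen.add(key)
        (noise if r.is_empty() or BROWSER_NOISE.search(r.path) else actionable).append(r)
    return actionable, noise


def odd_connections(records: list) -> list:
    """SMB (445/tcp) to a public address is not browser traffic and deserves a look."""
    return [r for r in records
            if r.port == 445 and r.proto == "tcp" and ipaddress.ip_address(r.ip).is_global]


def summarize(text: str) -> dict:
    actionable, noise = triage_files(parse_files(text))
    return {
        "actionable": [r.path for r in actionable],
        "noise": [r.path for r in noise],
        "odd_connections": [f"{r.ip}:{r.port}/{r.proto}" for r in odd_connections(parse_network(text))],
    }


# Constructed sample: rows copied from the report plus one made-up dropped file whose
# path and digests are placeholders derived from a fixed string (not real indicators).
_FAKE = b"constructed placeholder payload"
SAMPLE = f"""Files
C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\Crashpad\\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
\\??\\pipe\\LOCAL\\crashpad_5072_EHQESSREMHWEJEJV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\\Users\\Admin\\AppData\\Local\\Temp\\example_dropped_file.bin
| MD5 | {hashlib.md5(_FAKE).hexdigest()} |
| SHA256 | {hashlib.sha256(_FAKE).hexdigest()} |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| FR | 216.58.214.169:443 | www.blogger.com | udp |
"""

if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE), indent=2))
```

Run against the real report, every dropped file in this section lands in the noise bucket: they are all Edge profile writes or an empty named pipe, so the hunting value of this detonation is in the signatures and network rows rather than in the file digests.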