General Info

File name

BlueHowl.exe

Full analysis
https://app.any.run/tasks/6bd5f212-9cd8-46be-9d02-98074559626c
Verdict
Malicious activity
Analysis date
15/01/2022, 01:00:31
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5

82a06c622ba85f44f138889e233c5efa

SHA1

e74bfca27e4a0592a147804180c5f182d2652541

SHA256

1d4322dbad293847de14eca09bee5056eaede7ce178490e101642bf1f5875e37

SSDEEP

768:WVR0tsKhLYHcXpNKkrvF2P2Ql9e8QCHa27q0F++95hYcLsFq:WVRFKNpQkJ2zlsGp3U+959sFq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

Drops executable file immediately after starts
  • BlueHowl.exe (PID: 3104)
Changes the autorun value in the registry
  • BlueHowl.exe (PID: 3104)
Application was dropped or rewritten from another process
  • Tempdecrypter.exe (PID: 3696)
Reads the computer name
  • BlueHowl.exe (PID: 3104)
  • Tempdecrypter.exe (PID: 3696)
Checks supported languages
  • BlueHowl.exe (PID: 3104)
  • Tempdecrypter.exe (PID: 3696)
Uses TASKKILL.EXE to kill process
  • BlueHowl.exe (PID: 3104)
Reads Microsoft Outlook installation path
  • BlueHowl.exe (PID: 3104)
Reads internet explorer settings
  • BlueHowl.exe (PID: 3104)
Executable content was dropped or overwritten
  • BlueHowl.exe (PID: 3104)
Drops a file that was compiled in debug mode
  • BlueHowl.exe (PID: 3104)
Creates files in the user directory
  • BlueHowl.exe (PID: 3104)
Reads settings of System Certificates
  • BlueHowl.exe (PID: 3104)
Checks Windows Trust Settings
  • BlueHowl.exe (PID: 3104)
Checks supported languages
  • taskkill.exe (PID: 3664)
Reads the computer name
  • taskkill.exe (PID: 3664)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7%)
.exe | Win64 Executable (generic) (21.3%)
.scr | Windows screen saver (10.1%)
.dll | Win32 Dynamic Link Library (generic) (5%)
.exe | Win32 Executable (generic) (3.4%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2017:05:20 00:30:48+02:00
PEType:
PE32
LinkerVersion:
80
CodeSize:
46080
InitializedDataSize:
5120
UninitializedDataSize:
null
EntryPoint:
0xd236
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
6
Subsystem:
Windows GUI
FileVersionNumber:
1.0.0.0
ProductVersionNumber:
1.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Neutral
CharacterSet:
Unicode
Comments:
null
CompanyName:
null
FileDescription:
count
FileVersion:
1.0.0.0
InternalName:
count.exe
LegalCopyright:
Copyright © 2017
LegalTrademarks:
null
OriginalFileName:
count.exe
ProductName:
null
ProductVersion:
1.0.0.0
AssemblyVersion:
1.0.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-May-2017 22:30:48
Debug artifacts
C:\Users\Quentin\Documents\test\test\obj\Release\count.pdb
Comments:
null
CompanyName:
null
FileDescription:
count
FileVersion:
1.0.0.0
InternalName:
count.exe
LegalCopyright:
Copyright © 2017
LegalTrademarks:
null
OriginalFilename:
count.exe
ProductName:
null
ProductVersion:
1.0.0.0
Assembly Version:
1.0.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000080
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
19-May-2017 22:30:48
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00002000 0x0000B23C 0x0000B400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 5.94856
.rsrc 0x0000E000 0x00001144 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.00318
.reloc 0x00010000 0x0000000C 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 0.0815394
Resources
1

Imports
    mscoree.dll

Exports

    No exports.

Processes

Total processes
40
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

bluehowl.exe
  -> start -> taskkill.exe (no specs)
  -> drop and start -> tempdecrypter.exe (no specs)

Process information

PID
3104
CMD
"C:\Users\admin\AppData\Local\Temp\BlueHowl.exe"
Path
C:\Users\admin\AppData\Local\Temp\BlueHowl.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
count
Version
1.0.0.0
Modules
Image
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\oleaut32.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\users\admin\appdata\local\temp\bluehowl.exe
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\e0fea191b75897ec38735bfc31b89fe0\system.core.ni.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernelbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
c:\windows\system32\user32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\ac38cb30c15eb9e4a54459ee01e9f8e6\system.windows.forms.ni.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\b75ba99f72f116d8951b0f2bba8c276a\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\57d66541f1d5d1c7888058a8d52b0b9c\system.runtime.remoting.ni.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\ole32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\48d37adc5c0d8744e13603707480d090\microsoft.visualbasic.ni.dll
c:\windows\system32\rpcrt4.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\ce11900fa489575613dc777c7fbb0d7d\system.drawing.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\propsys.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\wldap32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\userenv.dll
c:\windows\system32\taskkill.exe
c:\windows\system32\windowscodecs.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ntmarta.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\668bc5e53fd656dc16c9f40ea15e872e\system.xml.ni.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\secur32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\rasadhlp.dll
c:\users\admin\appdata\local\tempdecrypter.exe
c:\windows\system32\wship6.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msacm32.dll
c:\program files\common files\speechengines\microsoft\tts20\msttsdecwrp.dll
c:\windows\system32\avrt.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\common files\speechengines\microsoft\tts20\msttsengine.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\wshqos.dll
c:\program files\common files\speechengines\microsoft\tts20\msttscommon.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\midimap.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\audioses.dll
c:\windows\system32\wmspdmod.dll
c:\windows\system32\schannel.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\bcrypt.dll
c:\windows\system32\speech\common\sapi.dll
c:\program files\common files\speechengines\microsoft\tts20\en-us\msttsfrontendenu.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\mlang.dll
c:\windows\assembly\gac\microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\microsoft.mshtml.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\mf.dll
c:\windows\system32\jsintl.dll
c:\windows\system32\mshtmlmedia.dll
c:\windows\system32\atl.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\uianimation.dll
c:\windows\system32\wdigest.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\msmpeg2adec.dll
c:\windows\system32\slc.dll
c:\windows\system32\colorcnv.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\resampledmo.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll

PID
3664
CMD
taskkill /f /IM explorer.exe
Path
C:\Windows\system32\taskkill.exe
Indicators
No indicators
Parent process
BlueHowl.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Terminates Processes
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\version.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mpr.dll
c:\windows\system32\user32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\taskkill.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbem\wbemsvc.dll

PID
3696
CMD
"C:\Users\admin\AppData\Local\Tempdecrypter.exe"
Path
C:\Users\admin\AppData\Local\Tempdecrypter.exe
Indicators
No indicators
Parent process
BlueHowl.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
decrypter
Version
1.0.0.0
Modules
Image
c:\windows\system32\mscoree.dll
c:\windows\system32\user32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\sspicli.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
c:\windows\system32\sechost.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\ce11900fa489575613dc777c7fbb0d7d\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\ac38cb30c15eb9e4a54459ee01e9f8e6\system.windows.forms.ni.dll
c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\b75ba99f72f116d8951b0f2bba8c276a\system.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\tempdecrypter.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\lpk.dll

Registry activity

Total events
8365
Read events
0
Write events
154
Delete events
1

Modification events

PID | Process | Operation | Key | Name | Value
3104 | BlueHowl.exe | delete key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}\52-54-00-36-3e-ff | (default) | 
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | WindowsUpdate | C:\Users\admin\AppData\Local\Temp
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 0
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 1
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName | 1
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass | 1
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | CachePrefix | 
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | CachePrefix | Cookie:
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | CachePrefix | Visited:
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecisionReason | 1
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecisionReason | 1
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecision | 0
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\CurrentUserLexicon\{C9E37C15-DF92-4727-85D6-72E5EEB6995A}\Files | Datafile | %1a%\Microsoft\Speech\Files\UserLexicons\SP_4D0467A606C440CA9FF70C82FEA35AB2.dat
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\CurrentUserLexicon | Generation | 0
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\CurrentUserLexicon | CLSID | {C9E37C15-DF92-4727-85D6-72E5EEB6995A}
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecisionTime | 80EA654DAB09D801
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadDecision | 0
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8} | WpadNetworkName | Network 4
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\CurrentUserLexicon | (default) | Current User Lexicon
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff | WpadDecisionTime | 80EA654DAB09D801
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\PhoneConverters | DefaultTokenId | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\English
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{e602c5a2-9378-42f9-9806-a74c065977f6} | CLSID | {A8C680EB-3D32-11D2-9EE7-00C04F797396}
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{e602c5a2-9378-42f9-9806-a74c065977f6} | (default) | Speakers (Realtek AC'97 Audio)
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{e602c5a2-9378-42f9-9806-a74c065977f6} | DeviceName | Speakers (Realtek AC'97 Audio)
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput | DefaultTokenId | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{e602c5a2-9378-42f9-9806-a74c065977f6}\Attributes | Technology | MMSys
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{e602c5a2-9378-42f9-9806-a74c065977f6}\Attributes | Vendor | Microsoft
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Speech\AudioOutput\TokenEnums\MMAudioOut\{0.0.0.00000000}.{e602c5a2-9378-42f9-9806-a74c065977f6} | DeviceId | {0.0.0.00000000}.{e602c5a2-9378-42f9-9806-a74c065977f6}
3104 | BlueHowl.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total | (default) | 6
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | (default) | 6
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total | (default) | 0
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | Total | 6
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | NumberOfSubdomains | 1
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | Total | 0
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | (default) | 0
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | Total | 210
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | (default) | 118
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | Total | 118
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total | (default) | 118
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total | (default) | 210
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | (default) | 210
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | Total | 216
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | (default) | 216
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total | (default) | 216
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total | (default) | 325
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | Total | 325
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | (default) | 325
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total | (default) | 331
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com | (default) | 331
3104 | BlueHowl.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com | Total | 331

Files activity

Executable files
1
Suspicious files
20
Text files
45
Unknown types
19

Dropped files

PID
Process
Filename
Type
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Tempdecrypter.exe
executable
MD5: 75a0a7eb5813e6c84807d15cded136e7
SHA256: a5c3bfb9707e4e27beb019c7b2f593b6a5827cd240c0e395c93676d3ab860fc3
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\css[1].css
text
MD5: c329fe4f3c60a119df50614074361ff7
SHA256: 9941636304644f8294edbfc7944ce5b975b1181a667dd33b8bc008165168c84c
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\KFOmCnqEu92Fr1Mu4mxO[1].eot
eot
MD5: 3958b787a5f14f550460f32cadc3bc6e
SHA256: be869a73a160440e8bfc5c7d84a907febd61075d920d51c7d0097d7295c865cd
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\1OHBMC54.txt
text
MD5: ce1bf10922f37ecb7f3aefad38cb9f87
SHA256: 7e9d90533dc4678880695e5b26b1832c138bd255435b56c0b5ef5c23ce16e247
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\K6HLXYY0.txt
text
MD5: f2aa0da05006240ccf24bb88ccbc9cf2
SHA256: b0e8a978ba635e1804d80db2547f3f2792a28c0038dff9bb21c29c905d2090e8
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\YUL7XFZS.txt
text
MD5: 62e7894002130052e26f1160e8b68a07
SHA256: 8b0601fe46902e316e89a8bc85e48879bcbb4ebffa1718bce4b0ace0d9005ede
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\css[1].css
text
MD5: 008f92ffd9c089e9d2f412128ff8fd78
SHA256: f94d02328ceebc06ee664c80b02dc1c68d138adcf76f4a11869dbbef863aa8ba
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\unnamed[1].jpg
image
MD5: 17b7efab8ecfbdf4dfb151673d87f8af
SHA256: 65e6d4fc2ad5815d9fa1308c6b82f57c377e57e34a763743bd4d7b71d720dafe
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\REOU1LRZ.txt
text
MD5: 62664693d7702b125cf8e1d5f20779eb
SHA256: fba15db287f1f5d9e335296e9a4547eabf16d14def5c252691f44b8a156c52f5
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_81A4BBBCA25D37E16959893B0776FDE5
der
MD5: 4978a3a738acdab0bf2f4789949ff587
SHA256: d3ed4ed5a5e54610600db2bf228f10a672265412da312791ec3a5273fab16370
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\XH7MVPEB.txt
text
MD5: 7bebc153ad8746c2b87c38db39590969
SHA256: a064b6d8ab9aec662d59c39a7ffbe5f658155d2ee4c4e2db58ad6f596ba6fe88
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\ad_status[1].js
text
MD5: 1fa71744db23d0f8df9cce6719defcb7
SHA256: eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_426C488899445303EEF188FEA61B7A71
der
MD5: 7db8e025565c7f270850d19684fc9faf
SHA256: eca83017c53fed02c2921daa90275c7603a16382705312280f9d32813595d58c
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\L0TS7XRP.txt
text
MD5: 84a180365fba337d87e2ad3f0aad390a
SHA256: 18a2d6147bcf2ba49ff90a221fbc8a11bb492fe56cedbd8ddce5ee7408ab91e4
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E0990A7CF057A22E5C656F7713BE4EB4
der
MD5: 6db8179c1b6f6cbac6cc02ec5b11ede1
SHA256: 6e2c10a5909297c7514cea94712a17fe2ffec69e59305e3f70993677cb14f41e
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_426C488899445303EEF188FEA61B7A71
binary
MD5: dac635c1a8d7db201c8dfcb30f0c5389
SHA256: e5e8ae1a5d9ec9c94388bc48ba339a9105a1339becccd9d4e7bb9e2f1add5c90
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E0990A7CF057A22E5C656F7713BE4EB4
binary
MD5: 85f35f608fc7e9b34256c1fc5329d119
SHA256: 06bf24873994b84d615721b9ea7875f890d91efab5fc8cab66c612f7f8271f9c
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_81A4BBBCA25D37E16959893B0776FDE5
binary
MD5: 09d1215cc6f3b72293f32ec12e938016
SHA256: c19979c5532421241d83fd7d10e67d09eb6580f86a5a526efcbc3910595bce8b
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_B78A6612B283D1A84CF6D906F0526853
der
MD5: 9b2b4118bb5fa225427cf7c1dfb093ca
SHA256: d569f35b80fe7cdce7f9e11f70d234dab02ca798d1fade2655dc5567c3071cdc
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\maxresdefault[1].jpg
image
MD5: cd2e7b40e913bd54efd39676c13f4862
SHA256: d605fc38e57324c9817a78fea4e7ab0da11fd55b31e53e2f065df769faa0ed3d
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_B78A6612B283D1A84CF6D906F0526853
binary
MD5: 200df926ebd3f67c5c107d5df345f230
SHA256: ed4f71ab8cff72ee8515ba2a247db38894cc7e8240444a9c90798458c723704f
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ServiceLogin[1].htm
html
MD5: 86eaa2e32fb6381f263cb52f578754fb
SHA256: 60a6cd5210acb87064ddccaddd771930137641bd8dab8706b0750355296ebfd8
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_04CD616F2E5858CA88421565390EE4ED
binary
MD5: b7b5662e6c26c7a17e44444978376406
SHA256: 4163f199c249b6b126f8084f25c44c49a408c3d9522ce4faf87b99a2c82194ea
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_BA334993752447F604AFDE6BD0E2382A
der
MD5: c8af701a9deec2cbf83854f72d47c1f8
SHA256: 62bcb6b120e6bd2b069cec506a4e408b507089ab2c45d76dd89cd59a7a730998
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\maxresdefault[1].jpg
image
MD5: 3ff2949fa54a30c985f32d43287d569e
SHA256: 3d18bd7e37e5e85f2979758478f053be16a1e905559346da3c59ce4ce9450d2f
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\lEFeIgm1WRbzDVRxkfF6WNGUItyOAHOVvio6rkdQ7NQ[1].js
text
MD5: 51a1772a20abaecdafeeffc8cd703f1d
SHA256: 94415e2209b55916f30d547191f17a58d19422dc8e007395be2a3aae4750ecd4
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\featured_channel[1].jpg
image
MD5: ea6b8beb5c53155e0ff4ec2f329b8c8c
SHA256: 51b8189ba8ca3e274829e2b73caadbfc2a3a5117113211dda0162406c5a7b092
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_BA334993752447F604AFDE6BD0E2382A
binary
MD5: f05bba5af69d28110cf084b42711d148
SHA256: e52b1929435d6f0a042c8589c74a26edb3fa2d5d90c5b944dbaa44e10d54a9fd
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\1382247536d94f532a1c061b2193eeda58cb258d.a31868f609b4d1fc274c[1].js
text
MD5: 436aa558722734d9181224542db04352
SHA256: 7425c80a22394049c59fb6afd134a5bf4eeea3be52f1122c62f8a41f01ed6db4
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\23261a5da41a5633dd177d79ff5fd9fe2db8e212.90ec3a891c9a456aa55c[1].js
text
MD5: 614c12d16f275f62a19af9be81b58c2a
SHA256: aa66ace36340ec97120b945ba74a674fd4f40fe535d09ff0599b0eae1f8c3a09
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_1160E11B9377D569BC114C731E94B72F
der
MD5: 16d3f9ab9906795a97d054c743d7e35f
SHA256: 35eab9b4604650214054008310c2665f30fb12bc3fc3865a1277318786f67a3b
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\KFOmCnqEu92Fr1Me5A[1].eot
eot
MD5: ba0e3e8b84dd99edca37fb3823d77a6a
SHA256: 5cbdaab2376b188f46c88b4894b68f9dd7904a4d5b88c4b99d09e130dd001f15
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\webpack-ea8add201eb6b57154e2[1].js
text
MD5: dd70f1ce4180961e822ccbec5786f063
SHA256: ce273e1dd0fdb9c33fbd5de4321850e68978d043af315f72843171aa77fd2403
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\_ssgManifest[1].js
text
MD5: 6a7c98fb81ba772c08377ff2e6e133dc
SHA256: 7f8121be6c8936566ac58e0c244f52dfcd0fc3092e1b728e52f48f543809edbd
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\_app-68840a6fc86543d809d5[1].js
text
MD5: 4e84011ac6fe254df6b2f0d4a3dd3614
SHA256: 81196ae7db8566629d4d8819049c927a1f793c8716c4a8d311d3d793f9da7286
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\watch[1].htm
html
MD5: 2c27c67433f54ec640af6564ac2a3d39
SHA256: 8c9a01f8475800ef9159f676dad67d08e0dfe6d06f91999fa056a1173c77d4c3
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\_buildManifest[1].js
text
MD5: eacfc05f361f444f8391d42fd4331d46
SHA256: ca2ddec091c6ead50799eca370cd442ee6d0dadeb505262ac38868f934d4983d
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SBNY5O29\www.youtube[1].xml
text
MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\142c402562a822c64e44560c76bd80dd53ce929d.b9fad60620bb50e53dd8[1].js
text
MD5: d51c720c2d7c069e93ff15c97367ccfb
SHA256: 43c86c2863178f36939641ba7ffe454c8ee7e881c0445e13f51d1b54e8dfe425
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\e4b95fabc9676fbf51af8e342a3b3bf53b27d6e4.8c8e88c19601f827f8f1[1].js
text
MD5: 61486b6b6272bbf8ac4112037b5ac2e6
SHA256: 16e741faf0d8fe20b5172a846ed821517152a3bf73fb632b7c4f78def7378b26
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\_error-0c893a1677e30f10c169[1].js
text
MD5: f9d88789d35f6a9f7f15b88d6c19cd9e
SHA256: 4d3eaabb6ff99774a1fd0dff62f4fe921849794ba05ea486717f11456b95f268
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_1160E11B9377D569BC114C731E94B72F
binary
MD5: 3c9fc3a6ca5856111cceb22d173af544
SHA256: 1fd5118d7256103b710354492f0de8f8cbfb462dc8d248144fc63e4ef7f84370
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_48AE7A92B76F881B36445CF06C4E3757
der
MD5: 9db1a0b6dd70eda876881579dafa3d0e
SHA256: 1b87bd5a694475d62bb99c36b2cffbdf3faba11a0a4243cb63b48e75760cdd1e
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_04CD616F2E5858CA88421565390EE4ED
der
MD5: 636260898ccf63b98289667de1263ceb
SHA256: df6cebc0a40f23bec7f1c1b322363cf71bfa80e06f6f35618e4b08e1bbf95fb6
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_48AE7A92B76F881B36445CF06C4E3757
binary
MD5: f50ade82eb89bb7fe94b5d98a097d8a5
SHA256: 97f755b7127b1a29bd5377a4fe883de9a4d2583edfdb902a1fee88094c34c608
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\272908d35dd95e16db50b69c2ecbcea2d776487e.3327fabeac5da0d50882[1].js
text
MD5: 831485e43e50818eb0affb44931394f2
SHA256: bd8dfc0b4841a1e09fcd726cbc450b916594fde6bd63645cd0f5f3b8dd053a62
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\ea34ca41893c966a2ab89da21acf42cbd914d522.cec03fb50b3c3312073a[1].js
text
MD5: aa7b8dfbf32644e648e4501d39ee076c
SHA256: 8fb1df50d3bfbaf48c908b0c53b2870533832b910b408da84de5f272a34dc2b8
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\dc972cf021bde422e8407d39ab5775f6081e6029.c060ecaee1b64eda220d[1].js
text
MD5: b188aee2f2e40d52e89741f5b241c96b
SHA256: 7947807a7d828b5e07951e7df58c0ad55559671b78013fe0151b4dcdc46b617a
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\analytics[1].js
text
MD5: d40531c5e99a6f84e42535859476fe35
SHA256: a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\637ada912cbbfb3e114fc6026523d277652d2d80.b35c57b5a384e8c1b604[1].js
text
MD5: d4f1a757cf10e0307cae7dc3f002fae0
SHA256: 7464316fec8f9d51fbe36f09f93a32932b361ca69377c5964270bfe20c05d19d
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\framework.f7db8f6b6177f0515ddc[1].js
text
MD5: 9603c8b6d5dba3c46eadba3f057e9638
SHA256: 4e0e1e988e01c390c4e977764e65b3d439b32641f6f80533a338b4e39c23267b
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_3F7957FB3A320F2624B05EF6723A144F
binary
MD5: a6e85d490f95f0ebc12c1e8cd8a88159
SHA256: f9581c6880766490633cd4bd5ccf0dbc389d8a1fa83c0b0ef810fa9cb341bf61
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\commons.74e68950d4e2eaef478e[1].js
text
MD5: 0455626ffdb0d06d71ac21de5dbfa8ad
SHA256: ae30f286baeea7fd185ea551ac60194405126274126e5c8cfeea4da99a166f66
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A01EFC9EF87B331821A80D893F4D7FE8
der
MD5: 8568135856bb7a64dc01cd86ddfeedf3
SHA256: b6f9ebc6817249a914aca6c071d1e0051a1edb3c49dd2863b44520053d201472
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\polyfills-369ccd6421dd97bdc141[1].js
text
MD5: c06c8067b732a49485a93758dc78f227
SHA256: 1980f07bc26e96ac1f488035eb3b3dad384634b0c9458fefb364258db9051d28
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A01EFC9EF87B331821A80D893F4D7FE8
binary
MD5: 5863407332a1c65658850a85e8a3e2fe
SHA256: 55e9fab684bfcd2aaba721bdade5808fa7969e4900787c15088aef6c463f8772
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\9f9b85581ac1c16d34714f64c92b90380b87dcb0.3e2743c207a77b8edc1d[1].js
text
MD5: 0591ac744406b02792ec2132ab48fed4
SHA256: d63b75748e17778ff35df2e6aaed91635fb96d0855c9c29ee4d7f97c04506087
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\main-5139c78400cbd6f11e5e[1].js
text
MD5: 453b8987f09e6404565d0422f59fb99d
SHA256: 3120a58a2c3b1bf3c1af3b45a6a576708c227699635f2e3871b13141b2dd43c3
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\banner-bg[1].svg
image
MD5: 4381cfdccfc8ac33fa19d7bc15635173
SHA256: bc793e4fbf4535c0aa53393c18c8e65dcf880096ff41a71fcf2edb603db6c124
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_3F7957FB3A320F2624B05EF6723A144F
der
MD5: af6f7b30c0c4089d892dd4724e5c6f2c
SHA256: ac38489994a2a576c44b9395e0ac5df1de9ba0889913f719d3d04d1ecbb8bbdc
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\polyfill.min[1].js
text
MD5: b78d24643a2c7754230d68a8f15f090d
SHA256: cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\879878854953e88177cae70c149ad9c4ed0d5f0c.cbf6ce5eb8a7bb4d6ffa[1].js
text
MD5: 3de9d0cd4ee1580ff3099e240ae09c19
SHA256: dac12d5deb9d5668fdb5f98bb6850b1391f131e1e73fa660cbd4d26bb78d66a2
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_ACB084F1532E23E916946A083A45F6BF
der
MD5: b1b0e6ee993d5391f9c9542722058ded
SHA256: 24f2868125a79b1e18122f8e5a5acea85550b416c06c1447f2f158cadf88953c
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\construction406[1].png
image
MD5: ee96f42156fa12bf25498cd3bc7e8c45
SHA256: 02c03e0f1c07aa585cb57aa45ff2954c4bab27cced8d182682ff5e755d0aa239
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_ACB084F1532E23E916946A083A45F6BF
binary
MD5: a353da9467f8c76d31ff32ebd5dab95e
SHA256: c7a7d882a525397b83ca2f467d81f9640bd3b3d3866186b9caaae31820f71aba
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\css2[1].css
text
MD5: fdd459514a671421429aa7dabc786382
SHA256: a83f5d35d6877b3ef15d894769f0432e4c9e1182ade48d2ec90eaeaa601a10b7
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\MIOI6PI0.txt
text
MD5: 0095d08be55cadaa2ac9e619d45b7ad4
SHA256: c5ef329ca4a57903b903aa65351a000280d0dd73b0a89be4adaa1320cd188ce2
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
der
MD5: c4815bbdddd37a45a6df78b6c330d07c
SHA256: 29e78bf056e19e529bd143d9c325ae9ff506c0b25b5b8c477171575d5d081186
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\css[1].css
text
MD5: eff3f78b35101a819640fdd258004616
SHA256: 2d16db2b0de4a9ca19917f7f470cc1df27813a4039b7b18edd1801cc312605da
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\XA37UNYF.txt
text
MD5: 4165ad8e61f3ca79461866e71ccf8eb2
SHA256: e4f9da9f5bdd205b790597e1636650c0d84fff790a8833b10bff844b337b50f7
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
binary
MD5: 85c05831f63951c74b6a2970ce339a35
SHA256: f934d7eba0e94d66ecd0ecf89e9fc8496882764071c729c8457154f35ed640d1
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_A8E307474B7EEECDE82731B5F335EEAF
der
MD5: 7bf0284e4702da4fabcfec8c2e268d8e
SHA256: 659fae11a4270a5161255bc30db5113c2a0a88499b9280bfb25a197dda9d6683
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_A8E307474B7EEECDE82731B5F335EEAF
binary
MD5: c63cd0a816108e726dd25143d433e7cc
SHA256: 3a1d8c7e9b687ff8f2264762520634e79e75884cadf4039e2b2bc82963c31a36
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E5B132B41B26E2FD23A912C0CB5FBCBA
binary
MD5: 28dd28d984a18cb147d6b19e5247ae80
SHA256: 240bbf20c041c09e35c8aa00fd8ac400abc937e8f37abaaebd6d6e21af5ad0cc
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
der
MD5: 2663bed1f902bed00647b84fabbf8dea
SHA256: 7a3c6a8be401f6de91999c00919ea0f3bdcf80d06eb0e8a15d801f8f9a465de9
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
der
MD5: beab9da0aa8e569dd7b0dedba4676d02
SHA256: 7c5ee0ff5ecd229ba442c639096cfb79d50d7fc6841a8e99693393a920a70c33
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
der
MD5: 64e9b8bb98e2303717538ce259bec57d
SHA256: 76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331
3104
BlueHowl.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\inter[1].css
text
MD5: 6cc2458d5edccef0f04424a5f32bce10
SHA256: effd7ce6ed5f47c331ed9333eb10d6ad78f496277f95dabb0d7dcba847d34a97
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
binary
MD5: ecf68175fe30a8d50b82bef1cd11e258
SHA256: 5249f88eafc7d089c56af3844ce6ade9f6e7cf6b0aa195771f93211af60c85b6
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5: f7dcb24540769805e5bb30d193944dce
SHA256: 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
der
MD5: b3c1ac005cf86fd225c24935afb80dbc
SHA256: ba6ae96b7b7d003d9ff08bafc1f28f483d8cb0f95d4a63e5857c05b4d8b65e5f
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
binary
MD5: 599d31a9ba5bcc446939ad13aa58e56e
SHA256: 5377e6b544c1c884ffac1452f1ca7c9069f47ae00c6f81774494fa3fd8bf7966
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
binary
MD5: ad24b6142234bb024844c61b08778cf0
SHA256: 90fdd937e8b78e8ce86ea9a54e768c6584c610ced95b2508a891e8e5aeb12dec
3104
BlueHowl.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5: 75b56d948fbfd1d45a31a5975edd40e2
SHA256: 7029977a6d8f5e529442f5284573ad4392cbbd9cb54f95ae599c392c46e30a14
3104
BlueHowl.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_4D0467A606C440CA9FF70C82FEA35AB2.dat
binary
MD5: f8a3c9ceb8837948c445587dbebcb50e
SHA256: 58f7af04dc3b98e3ec86f8e13a29c93acf157a792756831d0167d4377f0fe6ce

Find more information on the static content and download it in the full report

Network activity

HTTP(S) requests
18
TCP/UDP connections
29
DNS requests
23
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3104 | BlueHowl.exe | GET | 200 | 2.16.186.56:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d35c73974bffa6b4 | unknown | compressed | | whitelisted
3104 | BlueHowl.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCCq2t14DFKuAoAAAABJ9n3 | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHgDGCDPAjbzpoUYuu%2B39wE%3D | US | der | | whitelisted
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEwn5Ns8%2BLABCgAAAAEn2cc%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCAnDacZA1UWwoAAAABJ9nq | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCE9%2B71%2BnQSiQoAAAABLOkC | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEG9FXshPqpwWCgAAAAEn3MY%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCPMu8whnl65AoAAAABJ95m | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD0u1o6ejgsaAoAAAABJ949 | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEE6xdoJrIAA%2BCgAAAAEn3EY%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCECWpN9NvRHrrCgAAAAEn2bc%3D | US | der | | shared
3104 | BlueHowl.exe | GET | 200 | 142.250.185.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEHny9TizMWBrCgAAAAEn3OQ%3D | US | der | | shared
3104 BlueHowl.exe GET 200 142.250.185.195:80 http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQD1gKWbifArxwoAAAABJ9nk US
der
shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3104 BlueHowl.exe 104.16.143.212:443 Cloudflare Inc US shared
3104 BlueHowl.exe 2.16.186.56:80 Akamai International B.V. –– whitelisted
3104 BlueHowl.exe 93.184.220.29:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
3104 BlueHowl.exe 172.67.158.42:443 US malicious
3104 BlueHowl.exe 142.250.185.195:80 Google Inc. US whitelisted
3104 BlueHowl.exe 142.250.184.206:443 Google Inc. US whitelisted
–– –– 142.250.185.232:443 Google Inc. US suspicious
–– –– 151.101.1.26:443 Fastly US unknown
3104 BlueHowl.exe 104.18.21.226:80 Cloudflare Inc US shared
3104 BlueHowl.exe 104.16.40.77:443 Cloudflare Inc US shared
3104 BlueHowl.exe 142.250.186.174:443 Google Inc. US whitelisted
3104 BlueHowl.exe 173.194.129.199:443 Google Inc. US whitelisted
3104 BlueHowl.exe 142.250.186.163:443 Google Inc. US whitelisted
3104 BlueHowl.exe 173.194.129.200:443 Google Inc. US whitelisted
3104 BlueHowl.exe 172.217.16.132:443 Google Inc. US whitelisted
3104 BlueHowl.exe 142.250.185.77:443 Google Inc. US unknown
3104 BlueHowl.exe 142.250.185.182:443 Google Inc. US unknown
3104 BlueHowl.exe 142.250.184.193:443 Google Inc. US whitelisted
3104 BlueHowl.exe 142.250.186.166:443 Google Inc. US suspicious
3104 BlueHowl.exe 142.250.185.99:443 Google Inc. US whitelisted
3104 BlueHowl.exe 142.250.185.226:443 Google Inc. US suspicious
–– –– 142.250.185.238:443 Google Inc. US whitelisted
3104 BlueHowl.exe 142.250.185.74:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
blockchain.info 104.16.143.212, 104.16.144.212, 104.16.147.212, 104.16.146.212, 104.16.145.212 shared
ctldl.windowsupdate.com 2.16.186.56, 2.16.186.81 whitelisted
ocsp.digicert.com 93.184.220.29 shared
www.blockchain.com 104.16.40.77, 104.18.93.71 unknown
www.youtube.com 142.250.184.206, 142.250.184.238, 216.58.212.142, 142.250.185.78, 142.250.185.110, 142.250.185.142, 142.250.185.174, 142.250.185.206, 142.250.185.238, 172.217.18.110, 142.250.181.238, 172.217.16.142, 216.58.212.174, 142.250.74.206, 142.250.186.46, 142.250.186.78 shared
rsms.me 172.67.158.42, 104.21.8.250 whitelisted
fonts.googleapis.com 142.250.185.74 shared
ocsp.pki.goog 142.250.185.195 shared
cdn.polyfill.io 151.101.1.26, 151.101.65.26, 151.101.129.26, 151.101.193.26 whitelisted
www.googletagmanager.com 142.250.185.232 whitelisted
i.ytimg.com 142.250.185.182, 142.250.185.214, 142.250.185.246, 172.217.18.118, 142.250.181.246, 172.217.16.150, 216.58.212.182, 142.250.74.214, 142.250.186.54, 142.250.186.86, 142.250.186.118, 142.250.186.150, 142.250.186.182, 142.250.184.214, 142.250.184.246, 216.58.212.150 whitelisted
ocsp2.globalsign.com 104.18.21.226, 104.18.20.226 whitelisted
www.google-analytics.com 142.250.186.174 shared
r2---sn-aigzrn7s.googlevideo.com 173.194.129.199 whitelisted
fonts.gstatic.com 142.250.186.163 shared
rr3---sn-aigzrn7s.googlevideo.com 173.194.129.200 whitelisted
accounts.google.com 142.250.185.77 shared
www.google.com 172.217.16.132 shared
static.doubleclick.net 142.250.186.166 whitelisted
yt3.ggpht.com 142.250.184.193 whitelisted
www.google.co.uk 142.250.185.99 whitelisted
googleads.g.doubleclick.net 142.250.185.226 whitelisted
youtube.com 142.250.185.238 whitelisted

Threats

No threats detected.

Debug output strings

No debug info.