Analysis Overview
| SHA256 | 22446044c78ccb2c5d08077bedd4c0b714a3d320501c4f9a0744db7ac93ce1b0 |
Threat Level: Known bad
The file 68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Modiloader family
ModiLoader Second Stage
UAC bypass
ModiLoader, DBatLoader
ModiLoader Second Stage
Loads dropped DLL
Checks whether UAC is enabled
Drops file in Windows directory
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
System policy modification
Analysis: static1
Detonation Overview
| Reported | 2024-05-22 21:46 |
Signatures
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modiloader family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-22 21:46 |
| Reported | 2024-05-22 21:48 |
| Platform | win7-20240508-en |
| Max time kernel | 149s |
| Max time network | 150s |
| Command Line | |
Signatures
ModiLoader, DBatLoader
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\VMPipe32.dll | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\ntdtcstp.dll
| MD5 | 67587e25a971a141628d7f07bd40ffa0 |
| SHA1 | 76fcd014539a3bb247cc0b761225f68bd6055f6b |
| SHA256 | e6829866322d68d5c5b78e3d48dcec70a41cdc42c6f357a44fd329f74a8b4378 |
| SHA512 | 6e6de7aa02c48f8b96b06e5f1160fbc5c95312320636e138cc997ef3362a61bc50ec03db1f06292eb964cd71915ddb2ec2eb741432c7da44215a4acbb576a350 |
\Users\Admin\AppData\Local\Temp\cmsetac.dll
| MD5 | d1e85d6a08f2ed691807cf36273851bb |
| SHA1 | 064ff27e8cf1cab9c427f9b4bb1516435f54d558 |
| SHA256 | 1fcfa42381e240012905d5f2b15343fc4fde8ee5a60cbe7ff9f68afee5b48cc9 |
| SHA512 | 9821850b7fcaa5ed1eff8d8d0f9968fcbacee0da5dde973b515346c06cf6e31b0438cabf6887d8b46877e2145be681effa340d27a70bafd15ac0bf9cad044978 |
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-05-22 21:46 |
| Reported | 2024-05-22 21:48 |
| Platform | win10v2004-20240426-en |
| Max time kernel | 149s |
| Max time network | 151s |
| Command Line | |
Signatures
ModiLoader, DBatLoader
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
ModiLoader Second Stage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\VMPipe32.dll | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68be40ed6ce68d27c9e1da629b7d940c_JaffaCakes118.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\ntdtcstp.dll
| MD5 | 67587e25a971a141628d7f07bd40ffa0 |
| SHA1 | 76fcd014539a3bb247cc0b761225f68bd6055f6b |
| SHA256 | e6829866322d68d5c5b78e3d48dcec70a41cdc42c6f357a44fd329f74a8b4378 |
| SHA512 | 6e6de7aa02c48f8b96b06e5f1160fbc5c95312320636e138cc997ef3362a61bc50ec03db1f06292eb964cd71915ddb2ec2eb741432c7da44215a4acbb576a350 |
C:\Users\Admin\AppData\Local\Temp\cmsetac.dll
| MD5 | d1e85d6a08f2ed691807cf36273851bb |
| SHA1 | 064ff27e8cf1cab9c427f9b4bb1516435f54d558 |
| SHA256 | 1fcfa42381e240012905d5f2b15343fc4fde8ee5a60cbe7ff9f68afee5b48cc9 |
| SHA512 | 9821850b7fcaa5ed1eff8d8d0f9968fcbacee0da5dde973b515346c06cf6e31b0438cabf6887d8b46877e2145be681effa340d27a70bafd15ac0bf9cad044978 |