Analysis Overview
SHA256
5f29c7fc48885213bffc99aef57e0019e56a0b45e831915944620840a5d7ba61
Threat Level: Shows suspicious behavior
The file 0159711e38493359577cae469a1eaf71_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Installs/modifies Browser Helper Object
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-22 04:51
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-22 04:51
Reported
2024-06-22 04:54
Platform
win7-20240611-en
Max time kernel
117s
Max time network
127s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rtpsktwkyfj = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\0159711e38493359577cae469a1eaf71_JaffaCakes118.dll\"" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C289360-65AC-9288-F2CB-545BEAEC1E3B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5C289360-65AC-9288-F2CB-545BEAEC1E3B}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19287F71-3053-11EF-AAAD-627D7EE66EFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425193761" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3059e7ed5fc4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000006b91a5c10c8ca67a5e642e92a89e84575195e94d6257257678b2ce9263e1839c000000000e8000000002000020000000eeb56644a5b5ffe16811baec3bd05545782ec4893dcb799e2a7004f56eb04fdc20000000ca24eaeecb10be1859ac4c509ea1b000046b432d1755cbcf426d97004218747340000000dcf72f80adf95542590bf157fc18d55a8498b061d9083200f2a2152022dcf00b52137b13fa727d778b95a02db7a9163e123272740d457294f829e4fdaab3e4f4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5C289360-65AC-9288-F2CB-545BEAEC1E3B} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5C289360-65AC-9288-F2CB-545BEAEC1E3B}\ = "snappyads browser enhancer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5C289360-65AC-9288-F2CB-545BEAEC1E3B}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5C289360-65AC-9288-F2CB-545BEAEC1E3B}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5C289360-65AC-9288-F2CB-545BEAEC1E3B}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0159711e38493359577cae469a1eaf71_JaffaCakes118.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0159711e38493359577cae469a1eaf71_JaffaCakes118.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0159711e38493359577cae469a1eaf71_JaffaCakes118.dll
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | new.snappyads.biz | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2072-0-0x0000000000280000-0x0000000000282000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab25AC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar266B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc07c46a7faa41cd1284af1fd8cdb057 |
| SHA1 | ac0bc33020ba837a475f26c4f5a3e7c2fbc3b8f7 |
| SHA256 | 5fb50d8287f70fd21867b3c04a6c780ed975ef4fec5611181fb51df70e5615e4 |
| SHA512 | 41fefcaf5a57445027586fed4a544ba0f03283face29213e34d72ae780a509d938900b84a66c416a6fec23a6a0df7371e846354249535712d1e94abe2747143c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2230bd9e5b2d3f00a9034e7c10f1e78 |
| SHA1 | 785815ef304d57fc2e84fd35d3eed9cc119eb232 |
| SHA256 | ac62981f54c96a6fcf16ba455fd00baa2903a9b1e42b9144122d6c4727aa69ee |
| SHA512 | 0ff7e67c03e8417cbedf9d0a5d92b11f8eb0fa41238b24807538d6ad55989834a454002e9ea701ca0b4ec23b81d3bbb11d349a0442d9eb410f6e064e6e4f7042 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f9f5329d7e7e04e2599f457bc0f43d7 |
| SHA1 | e4e3cb9bc40f2525ac0f250a20b3c18fe84415ec |
| SHA256 | 4860a39ec7872ad2d1fb5ba56ee0f438719eeb80e673ee58cc50a34bfc345048 |
| SHA512 | 75e83224b123de1fbdcfc27e43c99d48838483ca8c7973769ee9cd182f9a0fe5bf723c9ac1a2067b4a30c10103e18f22cf6ef93c199e660d50f4192decded394 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c18fe52697be5cffeb5f3c43788676d5 |
| SHA1 | a765647085af67abba9329a2a60b00ed2526bc4e |
| SHA256 | 3222c510e0470d9ecbfaf02cc8955c6839ce7fcf06d3d33ff23499d467c4e912 |
| SHA512 | f52699c702385f28210399f16cc4d906a55317f5e5020b0ca196d0fcde867c3592901963287b6c0d9cdf43424a0b939ca72d1fad45a094e8a36db99955aaeb02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1412674108d679fbf3f0b56dcdb6f570 |
| SHA1 | 3fcd6267de667d533bc519a70e89b6ea4e1eef8d |
| SHA256 | 7fa6cdb986f816f4302f48524621d7896e658c9939599979924bbfca7cc9f084 |
| SHA512 | ca5524902ba2397771816c4cf244f98af833a211b38a4154ef3ef578ebfd06bd71f163aaf3487de124b6590e4e9037341439dbdd21e1d8084249f1ca05f021dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e1bbdd7780ddee82ce82db581e60e59 |
| SHA1 | 32db36f77ac7de0d9a24a9bd86032b93d500f08c |
| SHA256 | e5a2c973cc8171d3ea4473a566be4b59116ba7ab8d17192abf7a0c1f1f0a1554 |
| SHA512 | d7783e9b210c9887788e5f0e647b590855ea7438cf53bfe388e5d0aea5c4bcdf16562a6f434836306b804982286228ad7154350fd6c3f86795aeea5c92b384b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 309cfe88f8bc2bd79528ac2dc034378b |
| SHA1 | 40e46430e8261fd18f86f9e80d74abe442b9db91 |
| SHA256 | cad7f16e14b8e5032ac371633c70c849ec4de5cb87d257d56b639bbff369d6b9 |
| SHA512 | 4a8671672795d4d1e8fe9f2d45ef8359ba0fa4fff377dce4a9038fe43fd15c6fa17d802f529f5a5871297e569a48fab54eeb03c68a9d2abb26a276d1a5a27742 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69414953a4cc158feaf46db608c00eea |
| SHA1 | 8a76aa44ee37571d6dfcefe655445504d0e5bbfd |
| SHA256 | 050ab4d9819dadf039acdc202444898a9c7ca91daa47baa8b47ab63caa556bdd |
| SHA512 | f1a967569c8a2a700ebd41b2ea2dd41d3b8846762187786338fde506f22f4ab26eae42574eec194a77d92bf872cce92561ba69b266913959e057d79e4d3c3fc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67fcd0878676f7b4664ce28373160b42 |
| SHA1 | 4700714969e2c19de4b9ab996fc8303687ee6f27 |
| SHA256 | afdc89e190a49792759025437a5fee83954d691ce209ca3ed64fb034d39b7575 |
| SHA512 | 9d713e423470e4c29eed880a7d351de7b2f7a338413a2fca2dce669b6619476165cb59afeae4aeb0d3095f4ea780e7eaef18d07228115c9a1788aeabe80ad846 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03186d053ea363a01818ac300872ffa0 |
| SHA1 | f03376b281c31fa60f03a97a8c1ca63dc04839b5 |
| SHA256 | 717debb02317794d2f0218c0a617785bfb231ddcdf73a8d03a5e1bd385e309b1 |
| SHA512 | 6ef98307105ca92c50c250febe3eed44aab31166083a8236ad7a790be93e24e4daf45a503896c1a6fa06d61fa799edb3fa681cb5e90caa6a8211d3e86d3c0baf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eaf1d7c0348ece6aca2f43fbc93bc7bd |
| SHA1 | 84c62e6cd4e0bc1f5c434bdddbd182e04d670363 |
| SHA256 | d7ee0d81e11f764454441cda24ac35f064877036730e1ea7c6788666a56d9453 |
| SHA512 | 9ffa9c8eea6ff1d15b9098b6c0265da05ddc5cc205392749a391dc46ee5ff6192ab2759280f0cdf9fbd74d6957891979f8239a65db6d6babe84d246769d9802c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50545736654f4a3d2797eb7ba97b10cd |
| SHA1 | 879caac77f89e99d56c6d1d8fbe23cafa1165c36 |
| SHA256 | a128539e4be997b22b3c3b68cb9e9b008ad9b761e9ce2d244b2e172fdfe85fa2 |
| SHA512 | ff93cfdc2a915a8a3851c9ab305334d7aba7dcbe71057947e8f610f9f5788f9799bd6653e0083577cee0b56fde908253cb276868bf8a180ff036039c296ea4a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 301e85f01dddbf947f026d6b4afa30a9 |
| SHA1 | 00c0d7629da2d1be244ed2d63b9aafd122fee24e |
| SHA256 | e6a3cd54d7b3d4f3463a17c1aeb70b958cc045f5d091f64bd10d2b128e57c3fc |
| SHA512 | 228bee019285f75e3142dd781f863d4387a57ef41cf9b1de868257083a75e4307e4f04f515fd4b85bf43aedb1b11008ecf1fc11d58d598d7b419663506a60751 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bacbfcd78a1b986c3861b12a6ec57072 |
| SHA1 | 24e304b16c400b5bb062f0c79cd212e6d84c57d4 |
| SHA256 | 28552edd6015a23e3e8edeeab593a2251fdbd021c0d9f6f950a25fd368d97262 |
| SHA512 | 79aa72d65570b7b56393aa3857e6be68e5d927fbedbd5a164245a4c31041b27aa825b6c1c21a55292f99a2398e9d532cce15f873d1b6b7d61abc9697b2559140 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84f8c81b44a90a378a9675e554d2f5fe |
| SHA1 | e3f84a8539124a47129bff2cf252c68aba1cf0a3 |
| SHA256 | 2d2c11e9aa842bb2b4849c13a5ed8cb34dd4b462a0009231e0f7e691efc7c22f |
| SHA512 | d4ab3911d7514931fdc028eb18e79946698cad0a336e930a14a35a3b5b96f7c91127416709a2560557cc82cc4925500e0f8c73933e4acef46a71986ed5813d6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55a3cb1635c18cf9cb536893c3e93fe6 |
| SHA1 | 343daaefc96278f16bf98f73161521341122e0b1 |
| SHA256 | ab34c759a2f37a4d1cb0a98f4448366f12c1fdeab4aa615b5e3f50a37f77dc78 |
| SHA512 | a7750be63e7dafb2ac4448b3967d33c45096ed5220abab6c18d8b4b2497609b5d8ab27e08d3e4f9181a4911175122cfb01314f97358c17f1dc827311e636fb7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85dbd174bccfd7ab02d966984b9e146d |
| SHA1 | adf5295b431c66554e566403deb1d7171b08e102 |
| SHA256 | 0f4e4da2e8bfe204d47d504b43f63b160bc4aee5b1755731baec832c7697b082 |
| SHA512 | ef126aac08d87dd7f3ac9b8c0de4a09241fb15220c1f0b8df77cad84c5ca1b21eebc9e7e6ad004635033518fbc9ed4a397a50478df5f998a553302a1404cf278 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4082ee2912bf507298d9b9fa43de29b |
| SHA1 | fa3d296be8a644df991e8724204f8bb2debff2bb |
| SHA256 | 7fdf52eac128be40efaf33729a63d59010d7a5a8976119ddbe05e42b98bb38cf |
| SHA512 | 61db3b4d20ac8dbc61f4e065d190aea76ff1c8e32aff46611849adc3ddae154107299320f098b2710364182fb6349d2052bbff109371532d067bdd5bb83723e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32f0524911e727cfbc58f28bb491eac4 |
| SHA1 | 2766e7a55badce1bd13e85b2b0f09c4ecbf0db3c |
| SHA256 | 2ed9b6b510a357d7ca3ab67a6f999cee53ee3a0b22896ca5c5c34000538b5ae4 |
| SHA512 | cfd55673eb6f17326e49db23cafa2e5f4b743a1748f5c6c0378f18b8ac92ca5010e17c7d101d5c8eeba9dd7ff2cd2e34a654af00cfbb93aa8a1316d4886fd93b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 04:51
Reported
2024-06-22 04:54
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
150s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bkndqoposicmaluoi = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\0159711e38493359577cae469a1eaf71_JaffaCakes118.dll\"" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A85BD79E-642C-8EFD-871C-C255C742F71C} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A85BD79E-642C-8EFD-871C-C255C742F71C}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e2ebfe5fc4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425796889" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{23FD8E65-3053-11EF-B9F7-CE289885E65A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f323bf96752ef048b2eeaa11cddfc62600000000020000000000106600000001000020000000b45e1c747558e66574cba088e1e96f2c267271e27f0cfb8f7b4f0e21678e86a6000000000e8000000002000020000000ce46d6604d5518191551529f63c9c18353929ec8bb37a481262d7aead7eecea420000000535a087c84d2760af134ad62dce596895a5f81ec5370733ba4dc53cad161e97a400000000a756127359ef61efcdd0427199707f07aaaa062b168ef55b57034bab1f71d590c90e66730e5b6061236e96b13799bf7ebde534cf6177eb400b9c0a9323fd9aa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f07233ff5fc4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4182193057" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f323bf96752ef048b2eeaa11cddfc626000000000200000000001066000000010000200000001416c651b771336ddf6ab69b2c28c6dc148b706acc528e04e60e6b21d8571803000000000e80000000020000200000000f823b6b2e6761d030611809be437830ca732a4c73d67456f2bfe2066c34ff332000000096180ab045e9c7d88c5d446bcdf0385a231adf7522e0d8a5d27406158a93b69b400000007bb730ad38fe237aa68e023d5a1f1c0f3839179380e30a6d69fb5c70fcd76f0d7d06e8b890df9ce4846335fb01db63a7c8e0d5ccef31875a74b7796d29551817 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4182193057" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31114335" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114335" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4199693725" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114335" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A85BD79E-642C-8EFD-871C-C255C742F71C} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A85BD79E-642C-8EFD-871C-C255C742F71C}\ = "snappyads browser enhancer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A85BD79E-642C-8EFD-871C-C255C742F71C}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A85BD79E-642C-8EFD-871C-C255C742F71C}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A85BD79E-642C-8EFD-871C-C255C742F71C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0159711e38493359577cae469a1eaf71_JaffaCakes118.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4848 wrote to memory of 2416 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 4848 wrote to memory of 2416 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 4848 wrote to memory of 2416 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 3164 wrote to memory of 2680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3164 wrote to memory of 2680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3164 wrote to memory of 2680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0159711e38493359577cae469a1eaf71_JaffaCakes118.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0159711e38493359577cae469a1eaf71_JaffaCakes118.dll
C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3164 CREDAT:17410 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3944 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | new.snappyads.biz | udp |
| GB | 23.44.234.16:80 | | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | b6946ddacc19d914930b2ee8cd858903 |
| SHA1 | b3f7339d3c855422b5a3121842d7dbe9a017e344 |
| SHA256 | b1a0d4ec50df6b48de7d57c6316a7ce1919ae403125075438c4c822a5a0adf00 |
| SHA512 | 863cebab7bab5d3df1c82a71ce79567d257cd57123de1583e8a9508be2a187a504f35fde48146f0720317c855c2211e61f19f4c9e539f7a30a5642aac5c752a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 3e69b4f7d8b24e6c9606a99dcceb1477 |
| SHA1 | fa51b22048b9881fa9d589edabd597098c6ce426 |
| SHA256 | a8616afc4ac83452b293faeb861b299486ed4a881c4a0d9856fb55c877354db5 |
| SHA512 | 6ec308d1d1ef5c5dce11d34ecebe0fc28f27154a7fa376529f5c315ddc63e0bd211cfd1ad42f6c2ab3a3d6da5b85ea004e20d7621430de45220c1df9055b550e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\X0OFMNIL\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |