Analysis Overview
SHA256
89899221bf26c7d8dade38ecefc143157a8d50b18435d5bc31474f12ef67ee22
Threat Level: Shows suspicious behavior
The file 0169eb062aa14ef526a072ca0d486d41_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Installs/modifies Browser Helper Object
Unsigned PE
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-22 05:06
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-22 05:06
Reported
2024-06-22 05:08
Platform
win7-20240221-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\rmfqolnumbl = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\0169eb062aa14ef526a072ca0d486d41_JaffaCakes118.dll\"" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2635333-6E72-E2F1-0081-B16C9682D04F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{F2635333-6E72-E2F1-0081-B16C9682D04F}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{263D7511-3055-11EF-A304-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425194642" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006e0c0f1ac420644a7471a7d1a718f3900000000020000000000106600000001000020000000fbb0a980f68cafa343845e34043a3cece6aa661b19caf39c6fd7356f19cb56dd000000000e8000000002000020000000ddb62b38c7c3fa86f9e6ab3050b4041b0e5084a9f5a209ba228fe4837d7792f920000000213d3bf28610505be2fd2be0a65b196ee6c457d4a477ab4b06a2d91eb4bfe8e440000000b2678fb25eb0fc30c66ed5883469bc02875857694b6acc20fd5c3e48b5eb3df385573281034dc21d05bc8b2227a240113120240b304a1ef917d6fbcaa6ebd29b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d569fb61c4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2635333-6E72-E2F1-0081-B16C9682D04F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2635333-6E72-E2F1-0081-B16C9682D04F}\ = "cpmsky browser enhancer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2635333-6E72-E2F1-0081-B16C9682D04F}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2635333-6E72-E2F1-0081-B16C9682D04F}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2635333-6E72-E2F1-0081-B16C9682D04F}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0169eb062aa14ef526a072ca0d486d41_JaffaCakes118.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0169eb062aa14ef526a072ca0d486d41_JaffaCakes118.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0169eb062aa14ef526a072ca0d486d41_JaffaCakes118.dll
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | cpmsky.biz | udp |
| DE | 185.206.180.161:80 | cpmsky.biz | tcp |
| DE | 185.206.180.161:80 | cpmsky.biz | tcp |
| US | 8.8.8.8:53 | www.cpmsky.biz | udp |
| HK | 172.96.185.159:80 | www.cpmsky.biz | tcp |
| HK | 172.96.185.159:80 | www.cpmsky.biz | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/820-0-0x00000000001B0000-0x00000000001B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab2FE9.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar30CB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20cdc8c38534dc35cc8b5f97a045bf48 |
| SHA1 | ee78b2b253b0e7bf398244ed657f330f3b7647ff |
| SHA256 | c839251a1ada848255b28df97d1aa7287701a343cdeb763d98c66256d098cd97 |
| SHA512 | 7edc8fe4d9e1b3e846ef024c3b2e98acf917367ae77e0d143eb536399beee635152c00223095b62b9a9095696f399bba8d9acbf1a510129754c869156a7fae60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 566e4e90acbc3f5a37a1e8715716ce00 |
| SHA1 | 9e225cd1b08e96fd7f587c81556ce09147414e4b |
| SHA256 | d4118bca401bd94cfeeac6113aff7c87ceea2df4c89bfdd31b1238ab26e459e3 |
| SHA512 | 45f320b21607e43a2f62936521894bb5623a3ac55fabbf93f23d8818a0679a90da0d973662e8e0fa50699f947f744b77a7725099e0047a5a4cddd92af162c4f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b593e3059a99aa311e9fc6580324412 |
| SHA1 | 2f07516efde52507cc8a45b8778f99b116f57ce2 |
| SHA256 | 9e4d85b79124d9bfed48452ae766ba6bd742180ef2d32b1573d38415a04fbe6e |
| SHA512 | e2d81567fdad1326c936d73169bddd735eb9a53cb7ec35d846e87069f2462073c730e56b380823bf17f65cbae1858ccb4fe3fac5bbbbe99fdb79209c3bf54f2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 896ba40577e2fc9ffce45d401373f47b |
| SHA1 | 472ea005928a223e1c48b9e2486380e539785ceb |
| SHA256 | 5ac9407277d4a90444900b34f2339ad1da3a3663558796d84b162bf935e4e33b |
| SHA512 | 0d788f8062661919afc2844ee20c953d61c9410577fc5ab89f8b4bcf1a9549f56d4673fd67cd8a97c7949998eab9a4095183c722c1f1da892a2318f8e3d1deb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91a7c91ce821035f67f5d748c4f8c3a1 |
| SHA1 | a8e00b519b009e880bac3dcd877df7011e133946 |
| SHA256 | eaab0887b9ca4d9c64b672f97dba1555ea94a5cc3caad21ced09500f39c2b283 |
| SHA512 | 34b7f8102b929db0e4d0fdcc2376e8c18f27480c4057dd37b2bc3d64edd21899df2d7d1f97d56783cab92733684dc909d799a0fbff3fa4f110aa457526272bb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f50d38431221c6b857705c2e3b92d54 |
| SHA1 | b74c1ddb5bc86b053fa46e57a5b325ea47f51230 |
| SHA256 | 28912ca835492db470811e6e9209023c491bf03fdf2c030ef5d02f8aa16eb747 |
| SHA512 | e3c1645fe654f92de76d2d38fc668591764d78f112f3b1ac8737b611d4c573671b18956abfb7a2fa06dea86e8a7cdd0d949fbaa4d653567e2fddcd11dfb35a3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f451d4d653e5b89bcd127b12c6620a0 |
| SHA1 | 0c6b436c33248805b517db79f7eed91afb78c724 |
| SHA256 | 25bbbebe4bac5a53e6147bddee1a6b9aa2eafd899932abcbca2d85de300bad8e |
| SHA512 | 7d490100903d192ebbbf49f4969d581e0ba3ec1402ab15197b5c6333ab7f4c00c58cfbc7bee5de07d479c4e566247eb7ee74223c547eda3d0205525c078bd0a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdad8dd05818281572160e79d1253b9c |
| SHA1 | e838c413838393479ad54d10048d7c491718f1fa |
| SHA256 | dbb89c8ff660eb5cbd32cc6a7a405709c47c6103cd25a8b01bbd11f5e8d75150 |
| SHA512 | d2a10a29f313feeaacb6b7e7d35ec8519719a2a0e96229c77ac8ebcea222c0ac3157bd5815abb3ff4f53634ec394dea7fcffae4f81aefe333b24dd18d62ac273 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0adefd815791cef6008b825d2427f4fc |
| SHA1 | 52e3428387b99d547e12fb1fda657480fc358141 |
| SHA256 | aa52d0d22e1e6676a0fbf1fa0ee54cf114ea06438295562b48656f9a7772df7b |
| SHA512 | 2b0d54164cc45a2eb553e1c4ba02e0b30baba0461382d4c2dc3207d3cf6c9c1f0effd989c42e9716bd67ea81ef7a52863aaf22b2703c08f98f8e91aa43ff3995 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7dee6b57b30016627117f11759707652 |
| SHA1 | 46f147c37b4a248b40c21a6b745ff9b0646cdfa3 |
| SHA256 | ed144c2034da484a5956887336116537329734dc45a8b3b6703690a596130052 |
| SHA512 | 61dfc1524afca424ea200b776face05e160f5ef072db55f72bec1f03a35f9adf80c6157dd7d54b3d11382e406f8bce4a5ae005547e27848234620da3173fed73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 030576b7207cccbcd2cbf6df138cd96d |
| SHA1 | f5d8f4f6f431ecddcffb412720c1b1f35081ecb1 |
| SHA256 | 83ee07d2007c73606677e8bbb0e6d90561883e4dec5c15df070b7b6a9a69d079 |
| SHA512 | 454854c7a4833b412e51c8e02a4dde755787badb141f7b149c42d1733c3dd4d5d620e3136d8eb701053d6d52a17297fa8021e175aaee4df2c1a977c38d2a07f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8dff46cb33f7f73ba5ed1e9783447878 |
| SHA1 | c6a68939181054cfdd2e647c762d5b144f2a154a |
| SHA256 | 994714b4c27e7c59d96398610bfaaffad2e752522461d73d966859ee76bcfe04 |
| SHA512 | 920272f0a0582215912282de69ccde77df26b1adc115a193ba84d47919042fb838f18f5486146ff27d7ba7e3f2fd224c36c643964d5d9f2d5f874ea6adbb3588 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a90351f40f73f1d9cc21fa4f43e26dac |
| SHA1 | 5388e6093855bf16aaf6e623cca55a8de46cf268 |
| SHA256 | 751e649ff9aefdf6d8a198c6a46f3b2c671a18595badf510d39ea41551c415e6 |
| SHA512 | eb16dddebcad0c65aed152ebd228f22df4c4d416cc45f7c32d37fead3e2a774ee29fe065ef08480189fbf67e296d110d5cda97a626250736cf67750bf3a1e506 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a158f3ebe5edb4ac9eae9fbd48c2aa07 |
| SHA1 | 9fff1263c58f3035450b6ae94183d754367c6864 |
| SHA256 | e46683964b3362ce4cab18a6c4f55c0d5208103d7a60c5b4f841e89b66aca048 |
| SHA512 | 2097b6f73c8894fc8972ff65f9975f88d58267e46b005d11fb71342bc906e068c36a06a6299d277ae0b7c70ca635ca15b7f267bc3446cde0f50940ab04eb02f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e71d1aeb5ac05214457542c1793d0537 |
| SHA1 | 74bf5c677ff671d4ec1b068291579eb1af5d592d |
| SHA256 | f12c674559b879b5c7bd4f1069d9383b383f50544b8830158cb7d8905e40556c |
| SHA512 | 85e53f6ad74241ae043fead427c0dce0df15b91635b2595dd71f6da15d967d992fd6e3a580f55c8639afb44d6097240927fb580300bcb9bdcffb21549fa41dfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6b11a34740306ae312ce39647be9481 |
| SHA1 | c9ab3177599c69d9e49806ee73e70675053abd84 |
| SHA256 | 5a3d5e095bbf7e24d4b3e77d5a0cd12a80034268828e3099d820fc1c20ae3ad8 |
| SHA512 | 182996c362b39f98f87995e8b52893b42f83f7dfd57ec864afa17a759899129135eb12d6e29502ec76260e97c6143281f882afa57750d299d773d74489d17150 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 033f1d1d2f526f0521de825204f187df |
| SHA1 | 80a7cd369f490ce0523a41f7dac81a59a2cbf93f |
| SHA256 | 4cd9dc4b26b1bd6da6a29cce9005c9e321c6fc8192ce49739451f1f9fa92978d |
| SHA512 | 7bb3cb1cbc517636990392ee26faa3123edbbb269d7544a7f09d67c53816def4bd2c64b9557ba0417c1ea8dfa57e5e4460a2d3d03d70939362c8536fc190a502 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8b13adc5e1d4e08c39bc1aa2226c2fd |
| SHA1 | 4a60d71b9547ac575ed94b0cc95bde8d3c773067 |
| SHA256 | 40076594349c1f825d7b65e5bf38c756aff5db5067099e8bea5e6c2302fd00ef |
| SHA512 | 2b001f26d60cb7180cac38c87800cdb06b3839d2ce05d301163a755dbd6ec68905c948ad83abf7c33b2a311446dbc3850abff7465e785ba308e737be0b625c82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54097a955f5df86890d5c8e419db6c97 |
| SHA1 | 2f3b1db7884f04d3b65e070aef3327de1095d90d |
| SHA256 | 32016339a6fb7550b849b5af43579075ad0637c58fccd40c97fe6dfa1cc63e8a |
| SHA512 | 9f839e714e0c3dcf4564daf57d671f94f42f5868dbed7381ad7150bc06c84c945f695e3700c9a0368decba269e62b3d606cc286361f71fbcd644798bd0d04c48 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-22 05:06
Reported
2024-06-22 05:08
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\liwazmcdkyebh = "C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Users\\Admin\\AppData\\Local\\Temp\\0169eb062aa14ef526a072ca0d486d41_JaffaCakes118.dll\"" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBEC6D69-E377-5F75-0EFA-2D45E86FB6E0} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBEC6D69-E377-5F75-0EFA-2D45E86FB6E0}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30627cfd61c4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4234978747" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 403675fd61c4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31114337" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114337" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c837400000000020000000000106600000001000020000000b19d8b3d5aab57c670eff23eb221c8632d6eee5d2dcc92df0d95df2a7fb7dbc9000000000e8000000002000020000000b64b735b1b652eae43bdc3e1a7d8414757e81ef980d83bbf00b29de2629fa9832000000041873c6bb7fbdc41f3fadb4ef137aff10ed3ffcfd946ffbe2f6d25d48bf1e96640000000e8ab7f1732954d0f42811f9db72aef63e6073d72acec3ab40addd0e3add0ab9b33c986b672bb0d9bc176d96efabf0c049a3dd1799683016e7ac6faeb6bb9b70f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31114337" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000006633b135c95c54191e4d28dd78c837400000000020000000000106600000001000020000000f857dbf0c32826e42659564e2b541d69eb230b417a76e7052e78b398169882db000000000e800000000200002000000008b8a6135b2afd84c5ef9982a24f9f6e95c1a75aa1e8bae5a66a4a956e0294942000000040037baaeb1c6280690f43932129f9a9acbdd996b7a73ad2ff36f5a15d638dd84000000089fe93ebaa86cd12e0601d90ddf205a5b70bbb88bf03abcd090f1c30b4dba8ff078b62163f7fa83b7997bb594d40c7c13dbbf842741bcc9110f91d08189325b1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{280A4231-3055-11EF-A084-46FD0705B728} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425797752" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4234978747" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4237010264" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CBEC6D69-E377-5F75-0EFA-2D45E86FB6E0}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0169eb062aa14ef526a072ca0d486d41_JaffaCakes118.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CBEC6D69-E377-5F75-0EFA-2D45E86FB6E0} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CBEC6D69-E377-5F75-0EFA-2D45E86FB6E0}\ = "cpmsky browser enhancer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CBEC6D69-E377-5F75-0EFA-2D45E86FB6E0}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CBEC6D69-E377-5F75-0EFA-2D45E86FB6E0}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4504 wrote to memory of 3644 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 4504 wrote to memory of 3644 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 4504 wrote to memory of 3644 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1208 wrote to memory of 244 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1208 wrote to memory of 244 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1208 wrote to memory of 244 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0169eb062aa14ef526a072ca0d486d41_JaffaCakes118.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0169eb062aa14ef526a072ca0d486d41_JaffaCakes118.dll
C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:17410 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cpmsky.biz | udp |
| NL | 46.166.184.111:80 | cpmsky.biz | tcp |
| NL | 46.166.184.111:80 | cpmsky.biz | tcp |
| US | 8.8.8.8:53 | www.cpmsky.biz | udp |
| HK | 172.96.185.159:80 | www.cpmsky.biz | tcp |
| HK | 172.96.185.159:80 | www.cpmsky.biz | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.184.166.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.185.96.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.117.168.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\AKI8W8FH\suggestions[1].en-US