Malware Analysis Report

2025-08-05 15:16

Sample ID 240825-hv7qaa1fjh
Target c033e9431d8deba3a57d216833935e0d_JaffaCakes118
SHA256 7a85c4dfdfd9ebf4e4d8639060a345413c76589c62036ca7be8e46e15c43565a
Tags
discovery
score
7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file c033e9431d8deba3a57d216833935e0d_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Deletes itself

Checks computer location settings

Checks installed software on the system

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Runs ping.exe

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Modifies Internet Explorer start page

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-08-25 07:04

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 07:04

Reported

2024-08-25 07:07

Platform

win7-20240705-en

Max time kernel

149s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\PING.EXE N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4990D791-62B0-11EF-A446-DA486F9A72E4} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\dsearchm3f2.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430731344" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\{50122FC4-0E2A-4A70-9995-35F7A0685A6E}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\{50122FC4-0E2A-4A70-9995-35F7A0685A6E}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\{50122FC4-0E2A-4A70-9995-35F7A0685A6E}\URL = "http://search.dsearchm3f2.com/s?source=GoogleDisplay-bb8&uid=fbf3e429-d880-4669-9b3f-cf8044414213&uc=20180414&ap=appfocus49&i_id=forms__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\{50122FC4-0E2A-4A70-9995-35F7A0685A6E} C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\dsearchm3f2.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70983329bdf6da01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.dsearchm3f2.com/?source=GoogleDisplay-bb8&uid=fbf3e429-d880-4669-9b3f-cf8044414213&uc=20180414&ap=appfocus49&i_id=forms__1.30" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1584 wrote to memory of 1228 N/A C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1228 wrote to memory of 2764 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1584 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2564 wrote to memory of 2700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.dsearchm3f2.com/?source=GoogleDisplay-bb8&uid=fbf3e429-d880-4669-9b3f-cf8044414213&uc=20180414&ap=appfocus49&i_id=forms__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1228 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000

Network


Files

SHA1 c63814a6e469bbfe9729410bbdc467b93b4fe4f3
SHA256 00468e75b0a492100f337b92bfb4852dc7a59db48000be4ba9a5c92a78c0dad6
SHA512 7fe43401b3ebbce58ece3fa18a6cfc4ad47c2fd82378816633534bb9058f9e016475ee3c8fde42b9728177d73b59310013310b84d4aa93addaed499924f1527b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 186ad7a69fe32c78f5976c80015c50d2
SHA1 7575e472e2b94bdf11a1a8d53bd8d2f862f5e46c
SHA256 5ebbc0b1556d237a8e78d89b41020539c824597e8fffeb6916001375e26d7fe8
SHA512 e7f0128c3619229c34d7e20d19199ecf7c1793516da8b6f9d809a8547c33030c177c16f6c1e822d93675f95fcc91345874a9c6c864f29db7480bc2f36d68ca33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8cc687fad52d4797b7aac4653df1ed9
SHA1 59f5c92987e993423d7bdcb21f726fef2a0b2752
SHA256 2efe2375a4bb8c601b7768d8a42cd4a636ba85ee10b92bb992b698216bd1333d
SHA512 00d87b545c640df72902e82dc22815469609aca90c2add223815306d6f10194ca8dc6e8c4a745fe2d9d145c87195f2fc0a0a62bf535c591395322f633ad403b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a1b6622fe966f6ddbd305c9951cedac
SHA1 45efde26c62d69a27d9fb16ed2048e6526668548
SHA256 41986f5f132d0d0d0eb9e19656b81aea71c0480ee65b343742ed1a447c566992
SHA512 28045195d389efa6260ca7370254fd67b2e2d5b97c39b53811f2f1777c8dadeb495223885792b42268a223ac7f0c5d7b2263628a703360af86034cdc26f7ae49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e89f9b66b01d42a615b02d8bbf7c69ce
SHA1 ad4047c5dba3d849d6585f516d412f01d37c83ba
SHA256 b4fb5a6a35f89ea149716901580514d67f014a759e37c5e771844c331f568110
SHA512 9ce6dc72fd2eff34a02aa1ba842f4d997a0f1b68a9bced6eb2a626cc494de1fb6c02823b319ed26ee64b71c3b9ec86855711537bf5fe71c9e6ffbdff4cf2e9d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f6da57262bf9231598dcd2d4f60dd6e
SHA1 abb16c3e0555ab5db9e16ae288c269923483caa2
SHA256 ddf31f05c4e42bd032fdd16a7142a3c6a8c78545c1de960f39ddf647b852b572
SHA512 73642316f3ad20de17104bdc572fcb7a03512b5b598e0641a76c992b748172b1ccee8827918ed396efcadf9907404ae54624a5d8b163ae39351b2e19cdabf610

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36b7a4348bb12ffe9935df8d5a96a6b6
SHA1 9d8a5768e04c529e676d344ad6424fbaca1480ab
SHA256 f7e5a51bfab5c85c07e6c99f7279af4816884bbbcf8a6d9cb1c1864a14379a19
SHA512 89f1ab0ecae19d86cb3c4e9340f85293b90a397ecff842a598250de8a3c810a30bd5e209e945e5c33cda10e91e1a2b6d848c78434f6f181e294acedce71cd4b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 43871068ed1b7e0cade6a2cf74b931c1
SHA1 e79d0d6505c3eadcb910ef02a0703891901dfc82
SHA256 41a7984ee0e679d3fcdbf286852251624bf170026e0b985a363dac0369ba1859
SHA512 c6adc71b05c43d385d0e01fb25d9750817aa01376d33d32d246e53a90fbd070ad9b1e8da54b2459792a32e4215c13a9aa75ee093552a626c94c8f316f836884c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9cc3e381d24b42e422ad293ae1150868
SHA1 2436d1d7f1a4ec20d26efd2409a4504e8148e994
SHA256 de3652051bd409065aa00d783a56783f74772d41f7657f78fd3c7679287e41fc
SHA512 2f41f59e42836b060eb22293b90b40fab397f23f0522bfedd1dad5a61ebe05af24c39feca4e9b2cbd98a0217adda2777f49850e184aabbd3b319ddd3133a1a86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 be9f551037d2dcaa4fbe7d52a52ea05b
SHA1 3f4786e4ac01aca4f03a0ed0592f0b3bdf27eeba
SHA256 ef7ec72bcbe955086081e6278803a1d141fedbe21e0f22cd53f166aeb1cff606
SHA512 8698fa0bd4e1bfc6bfabd5c3a7ebc1791cca5a8a2316126a5a1b932b121ac3bd0503c5600ca4833319f14e57b360905cdb07343462f6ca3626b4b6fd82c30926

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4726c982926eac73c132861d62119ae
SHA1 118821b311dbdfd7819649f15a6b72c796ac8110
SHA256 e679eb6d3a52f18195f4325e2156d474c6d7f8f1a8dad5253cc6b488b0e9c931
SHA512 ea55627cc2ba5ecddb1e114dad68b19ac6867381b87e75b894ef558d8ac7b1208ac8f5c92abaa83d418ec0342f7324f968d1fe5c00ceda82dd6c38df3e1c8dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c02e982670e67aee593f39f32eb3c55
SHA1 d55ff5df9a2739f6c4324e157368ca0f43ff6aa9
SHA256 1b272fbe02e3f66746b57b84da5fc038e787fab5b504e6f432d7afebeab8f5c3
SHA512 ee1161760abec8c516b0f39046389da055f5483f7bf27f1975ea86b3999a560e1adcd630d03f52147332b3784e26533f67288827d8a3e5383e410696d484f870

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f257a73b696eb68ebd7384cb3bae4f0f
SHA1 78bcb053907d4d74009e7f7f398c7e00cac2fa4d
SHA256 fc96315b352fb143a1c5c09a23ae48bcb1199b583506fae9753d60a8c2edcde2
SHA512 a414caf542a85c269454f0ca0aa8713ea83eabf9d6715e8f7cd6d41a74a4a3f359b07b6e5f82adad7a460b51c0ed9d54d28b922da0ba6275b38e8992dc6d84b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68e7b16f1dadfe945045667894b0f462
SHA1 9f8e5a879b54761def6b92a9d1eadd4eb3cd39ae
SHA256 527d9c69b508993f1b04356b867c641134473c633ed20b50c4acef19ce65ff43
SHA512 ddfc99ef5e3a4fc5070c5e050ccf2b3471f9fdd74fd69a0235c8a93687c5c2eb40bc0786b3ab677c3e9d0eea465abe8c194b79a138c1d16ce526b946185cd094

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d6ed022722721d63662b557cfc5ca6e
SHA1 db28a321ac208b4b51213f7c7921c1bd9d3e2040
SHA256 70aed2d11029052f4f75ba77a667a388fbfd2dea7bc2f59c58d63493518651b9
SHA512 409c5b02bfbb672c8768d4d1f3f75d2392111af9042bacd28770c5ccafc41986802fd52e2b81b780981293399c08b2a6b83fa6a68e35705a30aee1e05eda1915

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dda3f911cdd36e30f677b7d35cbc4a1
SHA1 9fa344cf574fa640744d4e53e09c4aace33bdc1b
SHA256 9daacaa572bb0191c129a4370ca3bcff9c1b6e7946b28933b380415785fe41fe
SHA512 498bc6c8ac64a2193cfef4d9012a575fb02f2cea961e68956e5b0868cc5e7fb756a45d69fe6c07213f86d9c7da0481e35785eebce2b6d04334fed5a99abaaea4

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 07:04

Reported

2024-08-25 07:07

Platform

win10v2004-20240802-en

Max time kernel

144s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "544488630" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31127229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{CA4E5FA0-AE72-42D0-AECC-2BBA89A91CAC}" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31127229" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA4E5FA0-AE72-42D0-AECC-2BBA89A91CAC}\URL = "http://search.dsearchm3f2.com/s?source=GoogleDisplay-bb8&uid=fbf3e429-d880-4669-9b3f-cf8044414213&uc=20180414&ap=appfocus49&i_id=forms__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA4E5FA0-AE72-42D0-AECC-2BBA89A91CAC}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA4E5FA0-AE72-42D0-AECC-2BBA89A91CAC}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4BF07715-62B0-11EF-939B-D60584CC4361} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431334454" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31127229" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "541832285" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA4E5FA0-AE72-42D0-AECC-2BBA89A91CAC} C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "541832285" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.dsearchm3f2.com/?source=GoogleDisplay-bb8&uid=fbf3e429-d880-4669-9b3f-cf8044414213&uc=20180414&ap=appfocus49&i_id=forms__1.30" C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\c033e9431d8deba3a57d216833935e0d_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3436 CREDAT:17410 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\T1CTRFUW\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee