Malware Analysis Report

2025-08-06 00:45

Sample ID 240403-xk71maaa65
Target a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118
SHA256 a3aebdb374066a1250ef73bcde03e449e542f278d7d1d0f6c6b3b056619f2774
Tags: discovery, persistence, spyware, stealer
Score: 8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 8/10

SHA256: a3aebdb374066a1250ef73bcde03e449e542f278d7d1d0f6c6b3b056619f2774

Threat Level: Likely malicious

The file a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Contacts a large (965) amount of remote hosts

Reads user/profile data of web browsers

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-03 18:55

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-03 18:55

Reported: 2024-04-03 18:58

Platform: win7-20240221-en

Max time kernel: 150s

Max time network: 153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe"

Signatures

Contacts a large (965) amount of remote hosts

discovery

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ati display driver = "ÔN@" | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\auditpol.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\dialer.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\msiexec.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\RMActivate.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\dpnsvr.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\finger.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\AtBroker.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\cscript.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\perfmon.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\wiaacmgr.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\mountvol.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\subst.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\wbem\WinMgmt.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\dfrgui.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\openfiles.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\runonce.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\schtasks.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\setx.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\SyncHost.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\Dism.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\IME\IMEJP10\imjppdmg.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\makecab.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\migwiz\migwiz.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\regini.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\bthudtask.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\ntoskrnl.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\SearchFilterHost.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\DisplaySwitch.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\doskey.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\gpscript.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\hh.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\netiougc.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\syskey.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\unlodctr.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\eudcedit.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\ktmutil.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\mshta.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\regedit.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\convert.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\NETSTAT.EXE | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\PresentationHost.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\setupSNK.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\cipher.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\Magnify.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\wevtutil.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\waitfor.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\winrshost.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\CertEnrollCtrl.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\diantz.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\eventcreate.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\RMActivate_ssp_isv.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\Robocopy.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\cttune.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\IME\IMEJP10\IMJPUEX.EXE- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\mcbuilder.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\WerFault.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\logman.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\rasautou.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\fontview.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\poqexec.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\SetIEInstalledDate.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\SysWOW64\svchost.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Windows Media Player\wmpenc.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Windows Photo Viewer\ImagingDevices.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\7-Zip\7z.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jre7\bin\orbd.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Windows Media Player\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jre7\bin\policytool.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jre7\bin\javaw.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Internet Explorer\ielowutil.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Mozilla Firefox\crashreporter.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jre7\bin\policytool.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Windows Media Player\WMPSideShowGadget.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jre7\bin\kinit.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\vlc.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Windows Media Player\setup_wm.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f\chkntfs.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_netfx-dfsvc_b03f5f7f11d50a3a_6.1.7600.16385_none_96dbb959ba7c7a79\dfsvc.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\msil_addinutil_b77a5c561934e089_6.1.7601.17514_none_1a816bc7556b71eb\AddInUtil.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\IMCCPHR.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-systray_31bf3856ad364e35_6.1.7600.16385_none_4f466e7a0fbb1a04\systray.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_6.1.7600.16385_none_2370c162e00680c3\Defrag.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcxtask_31bf3856ad364e35_6.1.7600.16385_none_b6bc1aae9d0693c5\McxTask.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\WerFault.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\audit.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696\WSManHTTPConfig.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_narrator-nonmsil_31bf3856ad364e35_6.1.7601.17514_none_8b63c5e0db87fde8\Narrator.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b93c627ec2e15c2675bcc81edafb10be\MSBuild.ni.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\ehome\mcspad.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_6.1.7600.16385_none_a0a25363eee12f40\colorcpl.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-s..line-user-interface_31bf3856ad364e35_6.1.7600.16385_none_dcbdc8e83e2b98be\cmdkey.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682\rwinsta.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_7288349cbfd37b08\taskmgr.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_1ddd261c4e350476\upnpcont.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-x..rtificateenrollment_31bf3856ad364e35_6.1.7601.17514_none_51bcbc61a5466a58\CertEnrollCtrl.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_6.1.7600.16385_none_7cf343cac8a829ec\doskey.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-findstr_31bf3856ad364e35_6.1.7601.17514_none_2936f54db7f6c08f\findstr.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-pnpui_31bf3856ad364e35_6.1.7600.16385_none_bacc830144fa7791\dinotify.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-setx_31bf3856ad364e35_6.1.7600.16385_none_086bc77632c16995\setx.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-dpapi-keys_31bf3856ad364e35_6.1.7600.16385_none_7da9291f2ec46948\dpapimig.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.17514_none_4544cf0e5f20beea\prevhost.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\ehome\McxTask.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-s..restartup-baaupdate_31bf3856ad364e35_6.1.7600.16385_none_9243b833ecd918df\baaupdate.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-extrac32_31bf3856ad364e35_6.1.7600.16385_none_dafff0c26538f91f\extrac32.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7600.16385_none_5aad0353642dd29f\SystemPropertiesPerformance.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_netfx-clrgc_b03f5f7f11d50a3a_6.1.7601.17514_none_f5276fe6b5adf276\clrgc.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-driverquery_31bf3856ad364e35_6.1.7600.16385_none_f217bd1caebaa683\driverquery.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_6d6b3cfb6a5a1e5a\newdev.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_4b57445488ba33fd\IMJPDCT.EXE_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-solitaire_31bf3856ad364e35_6.1.7600.16385_none_d1124c00155dfd14\Solitaire.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.1.7601.17514_none_c82fdb5265bc18af\SndVol.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\x86_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_6.1.7600.16385_none_3b3f55233d47d4f2\gpresult.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\msil_loadmxf_31bf3856ad364e35_6.1.7600.16385_none_388de5065074b62c\loadmxf.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\TabTip32.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\plasrv.exe- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_763763505e93084b\IMSCPROP.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.1.7601.17514_none_b8bffa4921e2a435\mblctr.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-s..boxgames-backgammon_31bf3856ad364e35_6.1.7600.16385_none_668d031845881638\bckgzm.exe_ | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created | C:\Windows\winsxs\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.1.7601.17514_none_90ecf919657dacf4\ROUTE.EXE- | C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe | N/A
File created C:\Windows\winsxs\x86_microsoft-windows-certificaterequesttool_31bf3856ad364e35_6.1.7600.16385_none_67e6e9a778bbd9d5\certreq.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.1.7600.16385_none_6ff39cfbb8057a05\cliconfg.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af600000000020000000000106600000001000020000000c1020c34a518c7628e75a604265b6e40c2e02aadeb9a3683bfcb9b1c1db1f7de000000000e8000000002000020000000b31013c201d69c9343ccfabc7b5512162498e4d2c2cf685537e9516cf2ee641720000000015fcf6db0c1db785c0f70323373ead241c967a77d62293429e35175026fcf344000000013e18c9ac6424e838fa7e8a39205fe0c7b6852ad502ef422a4fe57c82e5bdabf94ee0bb46fdc52d5d248d3c23548a0b8f24522e4cd8bf787e79185661421d1f2 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418332423" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC968081-F1EB-11EE-BBF2-E299A69EE862} = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90fa34a4f885da01 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.exe

"C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
US 216.180.105.1:135 tcp
US 216.180.105.2:135 tcp
US 216.180.105.3:135 tcp
US 216.180.105.4:135 tcp
US 216.180.105.5:135 tcp
US 216.180.105.6:135 tcp
US 216.180.105.7:135 tcp
US 216.180.105.8:135 tcp
US 216.180.105.9:135 tcp
US 216.180.105.10:135 tcp
US 216.180.105.11:135 tcp
US 216.180.105.12:135 tcp
US 216.180.105.13:135 tcp
US 216.180.105.14:135 tcp
US 216.180.105.15:135 tcp
US 216.180.105.16:135 tcp
US 216.180.105.17:135 tcp
US 216.180.105.18:135 tcp
US 216.180.105.19:135 tcp
US 216.180.105.20:135 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 216.180.105.21:135 tcp
US 216.180.105.22:135 tcp
US 216.180.105.23:135 tcp
US 216.180.105.24:135 tcp
US 216.180.105.25:135 tcp
US 216.180.105.26:135 tcp
US 216.180.105.27:135 tcp
US 216.180.105.28:135 tcp
US 216.180.105.29:135 tcp
US 216.180.105.30:135 tcp
US 216.180.105.31:135 tcp
US 216.180.105.32:135 tcp
US 216.180.105.33:135 tcp
US 216.180.105.34:135 tcp
US 216.180.105.35:135 tcp
US 216.180.105.36:135 tcp
US 216.180.105.37:135 tcp
US 216.180.105.38:135 tcp
US 216.180.105.39:135 tcp
US 216.180.105.40:135 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 216.180.105.41:135 tcp
US 216.180.105.42:135 tcp
US 216.180.105.43:135 tcp
US 216.180.105.44:135 tcp
US 216.180.105.45:135 tcp
US 216.180.105.46:135 tcp
US 216.180.105.47:135 tcp
US 216.180.105.48:135 tcp
US 216.180.105.49:135 tcp
US 216.180.105.50:135 tcp
US 216.180.105.51:135 tcp
US 216.180.105.52:135 tcp
US 216.180.105.53:135 tcp
US 216.180.105.54:135 tcp
US 216.180.105.55:135 tcp
US 216.180.105.56:135 tcp
US 216.180.105.57:135 tcp
US 216.180.105.58:135 tcp
US 216.180.105.59:135 tcp
US 216.180.105.60:135 tcp
US 216.180.105.61:135 tcp
US 216.180.105.62:135 tcp
US 216.180.105.63:135 tcp
US 216.180.105.64:135 tcp
US 216.180.105.65:135 tcp
US 216.180.105.66:135 tcp
US 216.180.105.67:135 tcp
US 216.180.105.68:135 tcp
US 216.180.105.69:135 tcp
US 216.180.105.70:135 tcp
US 216.180.105.71:135 tcp
US 216.180.105.72:135 tcp
US 216.180.105.73:135 tcp
US 216.180.105.74:135 tcp
US 216.180.105.75:135 tcp
US 216.180.105.76:135 tcp
US 216.180.105.77:135 tcp
US 216.180.105.78:135 tcp
US 216.180.105.79:135 tcp
US 216.180.105.80:135 tcp
US 216.180.105.81:135 tcp
US 216.180.105.82:135 tcp
US 216.180.105.83:135 tcp
US 216.180.105.84:135 tcp
US 216.180.105.85:135 tcp
US 216.180.105.86:135 tcp
US 216.180.105.87:135 tcp
US 216.180.105.88:135 tcp
US 216.180.105.89:135 tcp
US 216.180.105.90:135 tcp
US 216.180.105.91:135 tcp
US 216.180.105.92:135 tcp
US 216.180.105.93:135 tcp
US 216.180.105.94:135 tcp
US 216.180.105.95:135 tcp
US 216.180.105.96:135 tcp
US 216.180.105.97:135 tcp
US 216.180.105.98:135 tcp
US 216.180.105.99:135 tcp
US 216.180.105.100:135 tcp
US 216.180.105.101:135 tcp
US 216.180.105.102:135 tcp
US 216.180.105.103:135 tcp
US 216.180.105.104:135 tcp
US 216.180.105.105:135 tcp
US 216.180.105.106:135 tcp
US 216.180.105.107:135 tcp
US 216.180.105.108:135 tcp
US 216.180.105.109:135 tcp
US 216.180.105.110:135 tcp
US 216.180.105.111:135 tcp
US 216.180.105.112:135 tcp
US 216.180.105.113:135 tcp
US 216.180.105.114:135 tcp
US 216.180.105.115:135 tcp
US 216.180.105.116:135 tcp
US 216.180.105.117:135 tcp
US 216.180.105.118:135 tcp
US 216.180.105.119:135 tcp
US 216.180.105.120:135 tcp
US 216.180.105.121:135 tcp
US 216.180.105.122:135 tcp
US 216.180.105.123:135 tcp
US 216.180.105.124:135 tcp
US 216.180.105.125:135 tcp
US 216.180.105.126:135 tcp
US 216.180.105.127:135 tcp
US 216.180.105.128:135 tcp
US 216.180.105.129:135 tcp
US 216.180.105.130:135 tcp
US 216.180.105.131:135 tcp
US 216.180.105.132:135 tcp
US 216.180.105.133:135 tcp
US 216.180.105.134:135 tcp
US 216.180.105.135:135 tcp
US 216.180.105.136:135 tcp
US 216.180.105.137:135 tcp
US 216.180.105.138:135 tcp
US 216.180.105.139:135 tcp
US 216.180.105.140:135 tcp
US 216.180.105.141:135 tcp
US 216.180.105.142:135 tcp
US 216.180.105.143:135 tcp
US 216.180.105.144:135 tcp
US 216.180.105.145:135 tcp
US 216.180.105.146:135 tcp
US 216.180.105.147:135 tcp
US 216.180.105.148:135 tcp
US 216.180.105.149:135 tcp
US 216.180.105.150:135 tcp
US 216.180.105.151:135 tcp
US 216.180.105.152:135 tcp
US 216.180.105.153:135 tcp
US 216.180.105.154:135 tcp
US 216.180.105.155:135 tcp
US 216.180.105.156:135 tcp
US 216.180.105.157:135 tcp
US 216.180.105.158:135 tcp
US 216.180.105.159:135 tcp
US 216.180.105.160:135 tcp
US 216.180.105.161:135 tcp
US 216.180.105.162:135 tcp
US 216.180.105.163:135 tcp
US 216.180.105.164:135 tcp
US 216.180.105.165:135 tcp
US 216.180.105.166:135 tcp
US 216.180.105.167:135 tcp
US 216.180.105.168:135 tcp
US 216.180.105.169:135 tcp
US 216.180.105.170:135 tcp
US 216.180.105.171:135 tcp
US 216.180.105.172:135 tcp
US 216.180.105.173:135 tcp
US 216.180.105.174:135 tcp
US 216.180.105.175:135 tcp
US 216.180.105.176:135 tcp
US 216.180.105.177:135 tcp
US 216.180.105.178:135 tcp
US 216.180.105.179:135 tcp
US 216.180.105.180:135 tcp
US 216.180.105.181:135 tcp
US 216.180.105.182:135 tcp
US 216.180.105.183:135 tcp
US 216.180.105.184:135 tcp
US 216.180.105.185:135 tcp
US 216.180.105.186:135 tcp
US 216.180.105.187:135 tcp
US 216.180.105.188:135 tcp
US 216.180.105.189:135 tcp
US 216.180.105.190:135 tcp
US 216.180.105.191:135 tcp
US 216.180.105.192:135 tcp
US 216.180.105.193:135 tcp
US 216.180.105.194:135 tcp
US 216.180.105.195:135 tcp
US 216.180.105.196:135 tcp
US 216.180.105.197:135 tcp
US 216.180.105.198:135 tcp
US 216.180.105.199:135 tcp
US 216.180.105.200:135 tcp
US 216.180.105.201:135 tcp
US 216.180.105.202:135 tcp
US 216.180.105.203:135 tcp
US 216.180.105.204:135 tcp
US 216.180.105.205:135 tcp
US 216.180.105.206:135 tcp
US 216.180.105.207:135 tcp
US 216.180.105.208:135 tcp
US 216.180.105.209:135 tcp
US 216.180.105.210:135 tcp
US 216.180.105.211:135 tcp
US 216.180.105.212:135 tcp
US 216.180.105.213:135 tcp
US 216.180.105.214:135 tcp
US 216.180.105.215:135 tcp
US 216.180.105.216:135 tcp
US 216.180.105.217:135 tcp
US 216.180.105.218:135 tcp
US 216.180.105.219:135 tcp
US 216.180.105.220:135 tcp
US 216.180.105.221:135 tcp
US 216.180.105.222:135 tcp
US 216.180.105.223:135 tcp
US 216.180.105.224:135 tcp
US 216.180.105.225:135 tcp
US 216.180.105.226:135 tcp
US 216.180.105.227:135 tcp
US 216.180.105.228:135 tcp
US 216.180.105.229:135 tcp
US 216.180.105.230:135 tcp
US 216.180.105.231:135 tcp
US 216.180.105.232:135 tcp
US 216.180.105.233:135 tcp
US 216.180.105.234:135 tcp
US 216.180.105.235:135 tcp
US 216.180.105.236:135 tcp
US 216.180.105.237:135 tcp
US 216.180.105.238:135 tcp
US 216.180.105.239:135 tcp
US 216.180.105.240:135 tcp
US 216.180.105.241:135 tcp
US 216.180.105.242:135 tcp
US 216.180.105.243:135 tcp
US 216.180.105.244:135 tcp
US 216.180.105.245:135 tcp
US 216.180.105.246:135 tcp
US 216.180.105.247:135 tcp
US 216.180.105.248:135 tcp
US 216.180.105.249:135 tcp
US 216.180.105.250:135 tcp
US 216.180.105.251:135 tcp
US 216.180.105.252:135 tcp
US 216.180.105.253:135 tcp
US 216.180.105.254:135 tcp
US 216.180.105.255:135 tcp
US 216.180.106.0:135 tcp
US 216.180.106.1:135 tcp
US 216.180.106.2:135 tcp
US 216.180.106.3:135 tcp
US 216.180.106.4:135 tcp
US 216.180.106.5:135 tcp
US 216.180.106.6:135 tcp
US 216.180.106.7:135 tcp
US 216.180.106.8:135 tcp
US 216.180.106.9:135 tcp
US 216.180.106.10:135 tcp
US 216.180.106.11:135 tcp
US 216.180.106.12:135 tcp
US 216.180.106.13:135 tcp
US 216.180.106.14:135 tcp
US 216.180.106.15:135 tcp
US 216.180.106.16:135 tcp
US 216.180.106.17:135 tcp
US 216.180.106.18:135 tcp
US 216.180.106.19:135 tcp
US 216.180.106.20:135 tcp
US 216.180.106.21:135 tcp
US 216.180.106.22:135 tcp
US 216.180.106.23:135 tcp
US 216.180.106.24:135 tcp
US 216.180.106.25:135 tcp
US 216.180.106.26:135 tcp
US 216.180.106.27:135 tcp
US 216.180.106.28:135 tcp
US 216.180.106.29:135 tcp
US 216.180.106.30:135 tcp
US 216.180.106.31:135 tcp
US 216.180.106.32:135 tcp
US 216.180.106.33:135 tcp
US 216.180.106.34:135 tcp
US 216.180.106.35:135 tcp
US 216.180.106.36:135 tcp
US 216.180.106.37:135 tcp
US 216.180.106.38:135 tcp
US 216.180.106.39:135 tcp
US 216.180.106.40:135 tcp
US 216.180.106.41:135 tcp
US 216.180.106.42:135 tcp
US 216.180.106.43:135 tcp
US 216.180.106.44:135 tcp
US 216.180.106.45:135 tcp
US 216.180.106.46:135 tcp
US 216.180.106.47:135 tcp
US 216.180.106.48:135 tcp
US 216.180.106.49:135 tcp
US 216.180.106.50:135 tcp
US 216.180.106.51:135 tcp
US 216.180.106.52:135 tcp
US 216.180.106.53:135 tcp
US 216.180.106.54:135 tcp
US 216.180.106.55:135 tcp
US 216.180.106.56:135 tcp
US 216.180.106.57:135 tcp
US 216.180.106.58:135 tcp
US 216.180.106.59:135 tcp
US 216.180.106.60:135 tcp
US 216.180.106.61:135 tcp
US 216.180.106.62:135 tcp
US 216.180.106.63:135 tcp
US 216.180.106.64:135 tcp
US 216.180.106.65:135 tcp
US 216.180.106.66:135 tcp
US 216.180.106.67:135 tcp
US 216.180.106.68:135 tcp
US 216.180.106.69:135 tcp
US 216.180.106.70:135 tcp
US 216.180.106.71:135 tcp
US 216.180.106.72:135 tcp
US 216.180.106.73:135 tcp
US 216.180.106.74:135 tcp
US 216.180.106.75:135 tcp
US 216.180.106.76:135 tcp
US 216.180.106.77:135 tcp
US 216.180.106.78:135 tcp
US 216.180.106.79:135 tcp
US 216.180.106.80:135 tcp
US 216.180.106.81:135 tcp
US 216.180.106.82:135 tcp
US 216.180.106.83:135 tcp
US 216.180.106.84:135 tcp
US 216.180.106.85:135 tcp
US 216.180.106.86:135 tcp
US 216.180.106.87:135 tcp
US 216.180.106.88:135 tcp
US 216.180.106.89:135 tcp
US 216.180.106.90:135 tcp
US 216.180.106.91:135 tcp
US 216.180.106.92:135 tcp
US 216.180.106.93:135 tcp
US 216.180.106.94:135 tcp
US 216.180.106.95:135 tcp
US 216.180.106.96:135 tcp
US 216.180.106.97:135 tcp
US 216.180.106.98:135 tcp
US 216.180.106.99:135 tcp
US 216.180.106.100:135 tcp
US 216.180.106.101:135 tcp
US 216.180.106.102:135 tcp
US 216.180.106.103:135 tcp
US 216.180.106.104:135 tcp
US 216.180.106.105:135 tcp
US 216.180.106.106:135 tcp
US 216.180.106.107:135 tcp
US 216.180.106.108:135 tcp
US 216.180.106.109:135 tcp
US 216.180.106.110:135 tcp
US 216.180.106.111:135 tcp
US 216.180.106.112:135 tcp
US 216.180.106.113:135 tcp
US 216.180.106.114:135 tcp
US 216.180.106.115:135 tcp
US 216.180.106.116:135 tcp
US 216.180.106.117:135 tcp
US 216.180.106.118:135 tcp
US 216.180.106.119:135 tcp
US 216.180.106.120:135 tcp
US 216.180.106.121:135 tcp
US 216.180.106.122:135 tcp
US 216.180.106.123:135 tcp
US 216.180.106.124:135 tcp
US 216.180.106.125:135 tcp
US 216.180.106.126:135 tcp
US 216.180.106.127:135 tcp
US 216.180.106.128:135 tcp
US 216.180.106.129:135 tcp
US 216.180.106.130:135 tcp
US 216.180.106.131:135 tcp
US 216.180.106.132:135 tcp
US 216.180.106.133:135 tcp
US 216.180.106.134:135 tcp
US 216.180.106.135:135 tcp
US 216.180.106.136:135 tcp
US 216.180.106.137:135 tcp
US 216.180.106.138:135 tcp
US 216.180.106.139:135 tcp
US 216.180.106.140:135 tcp
US 216.180.106.141:135 tcp
US 216.180.106.142:135 tcp
US 216.180.106.143:135 tcp
US 216.180.106.144:135 tcp
US 216.180.106.145:135 tcp
US 216.180.106.146:135 tcp
US 216.180.106.147:135 tcp
US 216.180.106.148:135 tcp
US 216.180.106.149:135 tcp
US 216.180.106.150:135 tcp
US 216.180.106.151:135 tcp
US 216.180.106.152:135 tcp
US 216.180.106.153:135 tcp
US 216.180.106.154:135 tcp
US 216.180.106.155:135 tcp
US 216.180.106.156:135 tcp
US 216.180.106.157:135 tcp
US 216.180.106.158:135 tcp
US 216.180.106.159:135 tcp
US 216.180.106.160:135 tcp
US 216.180.106.161:135 tcp
US 216.180.106.162:135 tcp
US 216.180.106.163:135 tcp
US 216.180.106.164:135 tcp
US 216.180.106.165:135 tcp
US 216.180.106.166:135 tcp
US 216.180.106.167:135 tcp
US 216.180.106.168:135 tcp
US 216.180.106.169:135 tcp
US 216.180.106.170:135 tcp
US 216.180.106.171:135 tcp
US 216.180.106.172:135 tcp
US 216.180.106.173:135 tcp
US 216.180.106.174:135 tcp
US 216.180.106.175:135 tcp
US 216.180.106.176:135 tcp
US 216.180.106.177:135 tcp
US 216.180.106.178:135 tcp
US 216.180.106.179:135 tcp
US 216.180.106.180:135 tcp
US 216.180.106.181:135 tcp
US 216.180.106.182:135 tcp
US 216.180.106.183:135 tcp
US 216.180.106.184:135 tcp
US 216.180.106.185:135 tcp
US 216.180.106.186:135 tcp
US 216.180.106.187:135 tcp
US 216.180.106.188:135 tcp
US 216.180.106.189:135 tcp
US 216.180.106.190:135 tcp
US 216.180.106.191:135 tcp
US 216.180.106.192:135 tcp
US 216.180.106.193:135 tcp
US 216.180.106.194:135 tcp
US 216.180.106.195:135 tcp
US 216.180.106.196:135 tcp
US 216.180.106.197:135 tcp
US 216.180.106.198:135 tcp
US 216.180.106.199:135 tcp
US 216.180.106.200:135 tcp
US 216.180.106.201:135 tcp
US 216.180.106.202:135 tcp
US 216.180.106.203:135 tcp
US 216.180.106.204:135 tcp
US 216.180.106.205:135 tcp
US 216.180.106.206:135 tcp
US 216.180.106.207:135 tcp
US 216.180.106.208:135 tcp
US 216.180.106.209:135 tcp
US 216.180.106.210:135 tcp
US 216.180.106.211:135 tcp
US 216.180.106.212:135 tcp
US 216.180.106.213:135 tcp
US 216.180.106.214:135 tcp
US 216.180.106.215:135 tcp
US 216.180.106.216:135 tcp
US 216.180.106.217:135 tcp
US 216.180.106.218:135 tcp
US 216.180.106.219:135 tcp
US 216.180.106.220:135 tcp
US 216.180.106.221:135 tcp
US 216.180.106.222:135 tcp
US 216.180.106.223:135 tcp
US 216.180.106.224:135 tcp
US 216.180.106.225:135 tcp
US 216.180.106.226:135 tcp
US 216.180.106.227:135 tcp
US 216.180.106.228:135 tcp
US 216.180.106.229:135 tcp
US 216.180.106.230:135 tcp
US 216.180.106.231:135 tcp
US 216.180.106.232:135 tcp
US 216.180.106.233:135 tcp
US 216.180.106.234:135 tcp
US 216.180.106.235:135 tcp
US 216.180.106.236:135 tcp
US 216.180.106.237:135 tcp
US 216.180.106.238:135 tcp
US 216.180.106.239:135 tcp
US 216.180.106.240:135 tcp
US 216.180.106.241:135 tcp
US 216.180.106.242:135 tcp
US 216.180.106.243:135 tcp
US 216.180.106.244:135 tcp
US 216.180.106.245:135 tcp
US 216.180.106.246:135 tcp
US 216.180.106.247:135 tcp
US 216.180.106.248:135 tcp
US 216.180.106.249:135 tcp
US 216.180.106.250:135 tcp
US 216.180.106.251:135 tcp
US 216.180.106.252:135 tcp
US 216.180.106.253:135 tcp
US 216.180.106.254:135 tcp
US 216.180.106.255:135 tcp
US 216.180.107.0:135 tcp
US 216.180.107.1:135 tcp
US 216.180.107.2:135 tcp
US 216.180.107.3:135 tcp
US 216.180.107.4:135 tcp
US 216.180.107.5:135 tcp
US 216.180.107.6:135 tcp
US 216.180.107.7:135 tcp
US 216.180.107.8:135 tcp
US 216.180.107.9:135 tcp
US 216.180.107.10:135 tcp
US 216.180.107.11:135 tcp
US 216.180.107.12:135 tcp
US 216.180.107.13:135 tcp
US 216.180.107.14:135 tcp
US 216.180.107.15:135 tcp
US 216.180.107.16:135 tcp
US 216.180.107.17:135 tcp
US 216.180.107.18:135 tcp
US 216.180.107.19:135 tcp
US 216.180.107.20:135 tcp
US 216.180.107.21:135 tcp
US 216.180.107.22:135 tcp
US 216.180.107.23:135 tcp
US 216.180.107.24:135 tcp
US 216.180.107.25:135 tcp
US 216.180.107.26:135 tcp
US 216.180.107.27:135 tcp
US 216.180.107.28:135 tcp
US 216.180.107.29:135 tcp
US 216.180.107.30:135 tcp
US 216.180.107.31:135 tcp
US 216.180.107.32:135 tcp
US 216.180.107.33:135 tcp
US 216.180.107.34:135 tcp
US 216.180.107.35:135 tcp
US 216.180.107.36:135 tcp
US 216.180.107.37:135 tcp
US 216.180.107.38:135 tcp
US 216.180.107.39:135 tcp
US 216.180.107.40:135 tcp
US 216.180.107.41:135 tcp
US 216.180.107.42:135 tcp
US 216.180.107.43:135 tcp
US 216.180.107.44:135 tcp
US 216.180.107.45:135 tcp
US 216.180.107.46:135 tcp
US 216.180.107.47:135 tcp
US 216.180.107.48:135 tcp
US 216.180.107.49:135 tcp
US 216.180.107.50:135 tcp
US 216.180.107.51:135 tcp
US 216.180.107.52:135 tcp
US 216.180.107.53:135 tcp
US 216.180.107.54:135 tcp
US 216.180.107.55:135 tcp
US 216.180.107.56:135 tcp
US 216.180.107.57:135 tcp
US 216.180.107.58:135 tcp
US 216.180.107.59:135 tcp
US 216.180.107.60:135 tcp
US 216.180.107.61:135 tcp
US 216.180.107.62:135 tcp
US 216.180.107.63:135 tcp
US 216.180.107.64:135 tcp
US 216.180.107.65:135 tcp
US 216.180.107.66:135 tcp
US 216.180.107.67:135 tcp
US 216.180.107.68:135 tcp
US 216.180.107.69:135 tcp
US 216.180.107.70:135 tcp
US 216.180.107.71:135 tcp
US 216.180.107.72:135 tcp
US 216.180.107.73:135 tcp
US 216.180.107.74:135 tcp
US 216.180.107.75:135 tcp
US 216.180.107.76:135 tcp
US 216.180.107.77:135 tcp
US 216.180.107.78:135 tcp
US 216.180.107.79:135 tcp
US 216.180.107.80:135 tcp
US 216.180.107.81:135 tcp
US 216.180.107.82:135 tcp
US 216.180.107.83:135 tcp
US 216.180.107.84:135 tcp
US 216.180.107.85:135 tcp
US 216.180.107.86:135 tcp
US 216.180.107.87:135 tcp
US 216.180.107.88:135 tcp
US 216.180.107.89:135 tcp
US 216.180.107.90:135 tcp
US 216.180.107.91:135 tcp
US 216.180.107.92:135 tcp
US 216.180.107.93:135 tcp
US 216.180.107.94:135 tcp
US 216.180.107.95:135 tcp
US 216.180.107.96:135 tcp
US 216.180.107.97:135 tcp
US 216.180.107.98:135 tcp
US 216.180.107.99:135 tcp
US 216.180.107.100:135 tcp
US 216.180.107.101:135 tcp
US 216.180.107.102:135 tcp
US 216.180.107.103:135 tcp
US 216.180.107.104:135 tcp
US 216.180.107.105:135 tcp
US 216.180.107.106:135 tcp
US 216.180.107.107:135 tcp
US 216.180.107.108:135 tcp
US 216.180.107.109:135 tcp
US 216.180.107.110:135 tcp
US 216.180.107.111:135 tcp
US 216.180.107.112:135 tcp
US 216.180.107.113:135 tcp
US 216.180.107.114:135 tcp
US 216.180.107.115:135 tcp
US 216.180.107.116:135 tcp
US 216.180.107.117:135 tcp
US 216.180.107.118:135 tcp
US 216.180.107.119:135 tcp
US 216.180.107.120:135 tcp
US 216.180.107.121:135 tcp
US 216.180.107.122:135 tcp
US 216.180.107.123:135 tcp
US 216.180.107.124:135 tcp
US 216.180.107.125:135 tcp
US 216.180.107.126:135 tcp
US 216.180.107.127:135 tcp
US 216.180.107.128:135 tcp
US 216.180.107.129:135 tcp
US 216.180.107.130:135 tcp
US 216.180.107.131:135 tcp
US 216.180.107.132:135 tcp
US 216.180.107.133:135 tcp
US 216.180.107.134:135 tcp
US 216.180.107.135:135 tcp
US 216.180.107.136:135 tcp
US 216.180.107.137:135 tcp
US 216.180.107.138:135 tcp
US 216.180.107.139:135 tcp
US 216.180.107.140:135 tcp
US 216.180.107.141:135 tcp
US 216.180.107.142:135 tcp
US 216.180.107.143:135 tcp
US 216.180.107.144:135 tcp
US 216.180.107.145:135 tcp
US 216.180.107.146:135 tcp
US 216.180.107.147:135 tcp
US 216.180.107.148:135 tcp
US 216.180.107.149:135 tcp
US 216.180.107.150:135 tcp
US 216.180.107.151:135 tcp
US 216.180.107.152:135 tcp
US 216.180.107.153:135 tcp
US 216.180.107.154:135 tcp
US 216.180.107.155:135 tcp
US 216.180.107.156:135 tcp
US 216.180.107.157:135 tcp
US 216.180.107.158:135 tcp
US 216.180.107.159:135 tcp
US 216.180.107.160:135 tcp
US 216.180.107.161:135 tcp
US 216.180.107.162:135 tcp
US 216.180.107.163:135 tcp
US 216.180.107.164:135 tcp
US 216.180.107.165:135 tcp
US 216.180.107.166:135 tcp
US 216.180.107.167:135 tcp
US 216.180.107.168:135 tcp
US 216.180.107.169:135 tcp
US 216.180.107.170:135 tcp
US 216.180.107.171:135 tcp
US 216.180.107.172:135 tcp
US 216.180.107.173:135 tcp
US 216.180.107.174:135 tcp
US 216.180.107.175:135 tcp
US 216.180.107.176:135 tcp
US 216.180.107.177:135 tcp
US 216.180.107.178:135 tcp
US 216.180.107.179:135 tcp
US 216.180.107.180:135 tcp
US 216.180.107.181:135 tcp
US 216.180.107.182:135 tcp
US 216.180.107.183:135 tcp
US 216.180.107.184:135 tcp
US 216.180.107.185:135 tcp
US 216.180.107.186:135 tcp
US 216.180.107.187:135 tcp
US 216.180.107.188:135 tcp
US 216.180.107.189:135 tcp
US 216.180.107.190:135 tcp
US 216.180.107.191:135 tcp
US 216.180.107.192:135 tcp
US 216.180.107.193:135 tcp
US 216.180.107.194:135 tcp
US 216.180.107.195:135 tcp
US 216.180.107.196:135 tcp
US 216.180.107.197:135 tcp
US 216.180.107.198:135 tcp
US 216.180.107.199:135 tcp
US 216.180.107.200:135 tcp
US 216.180.107.201:135 tcp
US 216.180.107.202:135 tcp
US 216.180.107.203:135 tcp
US 216.180.107.204:135 tcp
US 216.180.107.205:135 tcp
US 216.180.107.206:135 tcp
US 216.180.107.207:135 tcp
US 216.180.107.208:135 tcp

Files

memory/2000-0-0x0000000000400000-0x0000000000413000-memory.dmp

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe

C:\Users\Admin\AppData\Local\Temp\Cab7072.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar71E0.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

memory/2000-3200-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 18:55

Reported

2024-04-03 18:58

Platform

win10v2004-20240226-en

Max time kernel

159s

Max time network

168s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\clip.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\colorcpl.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\comrepl.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\agentactivationruntimestarter.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\AtBroker.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\BackgroundTransferHost.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cmdl32.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cttunesvr.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\curl.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ByteCodeGenerator.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\CameraSettingsUIHost.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cmmon32.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cttune.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\autofmt.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\bootcfg.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\charmap.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\CredentialUIBroker.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cscript.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\attrib.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cliconfg.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\convert.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\chkntfs.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cipher.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\MigRegDB.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\compact.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\control.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\agentactivationruntimestarter.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\auditpol.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\CheckNetIsolation.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\certreq.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\certutil.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\chcp.com- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cscript.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cttunesvr.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\calc.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\CameraSettingsUIHost.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\certreq.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\at.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\auditpol.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ctfmon.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\appidtel.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cacls.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\credwiz.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\control.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\bootcfg.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\comrepl.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cmstp.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\colorcpl.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\comp.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\appidtel.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ARP.EXE C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\BackgroundTransferHost.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cleanmgr.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\colorcpl.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\Com\MigRegDB.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cacls.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\CertEnrollCtrl.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\CertEnrollCtrl.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cttunesvr.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\chkdsk.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\cliconfg.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\convert.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\ComputerDefaults.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\idlj.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.17\MicrosoftEdgeUpdateSetup_X86_1.3.185.17.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Windows Mail\wab.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\EnableRequest.bat C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Photo Viewer\ImagingDevices.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\codecpacks.VP9.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javac.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jinfo.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\wmpnetwk.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows NT\Accessories\wordpad.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jconsole.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msotd.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\schemagen.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{A57FE46C-6BD7-4436-B4ED-1F7F22B87421}\chrome_installer.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoia.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Build.bat C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\msoia.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\fmui.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Internet Explorer\ielowutil.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\View3D.ResourceResolver.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\GRAPH.EXE- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\wmprph.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javap.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jjs.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jmap.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Photo Viewer\ImagingDevices.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jstat.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe\Acrobat_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Windows Media Player\wmpnetwk.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\onenoteshare.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\pipanel.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\Integrator.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\HelpPane.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\servicing\TrustedInstaller.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\dfsvc\v4.0_4.0.0.0__b03f5f7f11d50a3a\dfsvc.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\hh.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\_4bitmapibroker.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\sysmon.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\explorer.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\ImmersiveControlPanel\SystemSettings.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\wow_helper.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Speech\Common\sapisvr.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\acrobroker.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\splwow64.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\ImmersiveControlPanel\SystemSettings.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe_ C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe- C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f07186b2f885da01 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06629baf885da01 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3125312376" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2953750569" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31098360" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418935564" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3125312376" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31098360" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31098360" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{D752D711-F1EB-11EE-B49E-CE945492B8DF} = "0" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2953750569" C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004a6b2c30d55de341b3e799a3c014a782000000000200000000001066000000010000200000002126d07b4b31fd4447e1df4614cc374c6d5713c15be25677322abfd5276e6b95000000000e80000000020000200000000c631b3e3adfb9ccbfb66e1f6fd1f2e4439c0f742278bd938aee4b069b03745620000000770305ae34af5bee05037463462b2379b0c9ccba04f3b066d6d22797551033124000000079e0d8de8ad46d50c63df965a00b52abcbdcce7705ccf7d019380c38986a946884e531877832b256e19ab17e52cec5b01b2dfbedbc79c9f113727a31657fba43 C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004a6b2c30d55de341b3e799a3c014a78200000000020000000000106600000001000020000000a4edd39a34111de2e9b096dc82d584b74001b76df6470622dd0c24c0fddef422000000000e80000000020000200000001728dcce46bc8db40e95c903653b8fbdc5dd3a67328011fd6507e658d19f949120000000e84c8a8ede44f68ac3f7ee1e3dce3687ee60b78e2d3644e1610cb635791ac68640000000299b5e0cdc7ada040b2c71d5abb40ed489d0202853f1d3e45feed6a86d142ccd3b05ebfdde4c0601e60210c17757f59a86d0ece3b7da71f3e5debdd9e77f660f C:\Program Files\Internet Explorer\IEXPLORE.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31098360" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a3f438a8e89dab04e2649de7e6e9ffa1_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.exe

"C:\Program Files\Internet Explorer\IEXPLORE" 212.33.237.86/images/1/report.php

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5040 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 241.66.18.2.in-addr.arpa udp
RU 212.33.237.86:80 tcp
RU 212.33.237.86:80 tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 213.122.19.2.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 227.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 93.65.42.20.in-addr.arpa udp

Files

memory/2044-0-0x0000000000400000-0x0000000000413000-memory.dmp

C:\odt\office2016setup.exe

memory/2044-1940-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver6F3F.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FILN3D3Q\suggestions[1].en-US
