Malware Analysis Report

2025-03-14 22:36

Sample ID 240406-r2taxace8y
Target e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118
SHA256 e3d39eb60c85c6e9cab923236095cec9848af72c884a5a2e259abba6805ddb26
Tags
persistence upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

e3d39eb60c85c6e9cab923236095cec9848af72c884a5a2e259abba6805ddb26

Threat Level: Likely malicious

The file e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

persistence upx

Modifies Installed Components in the registry

UPX packed file

Checks computer location settings

Deletes itself

Enumerates connected drives

AutoIT Executable

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Runs ping.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 14:41

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 14:41

Reported

2024-04-06 14:44

Platform

win7-20240221-en

Max time kernel

133s

Max time network

136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WinRAR\winrar.jse C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
File opened for modification C:\Program Files\WinRAR\winrar.jse C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20d91d953088da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000724a3b0d302d88b0cde27a5cf5885dde43a8b6db3ee47edcbf4ffe2ef8e60c32000000000e8000000002000020000000a4081c46d495627f751765028bf8afe74be0ffe5731052ff0efe6a68cfb8bba09000000002a5340c12aa3a8e2e4cf2f43ebcdc8f736a41f516a346b4e1fc9fe1a2aad2118fd8bdb124f52c88ea05cdbf31fe82fc536a3ca1a704fa63e3e13ab10c178cf8d613163bed58eace3f7dd7ba818b8b09bc93bd1200690a5d78cb582f8f0927b93590a096e0a92c1bcee8bdc11a2edd0a6315c275229ae18b25486448e457b80ebc8fe499d8e7064d5f48459cef29765f400000001b3823eb77240481f44b8ece95a3663420e5387d6b74269defe85b19d46dfa39d58e63e977da00977b83774a85b51a7d014cdc99d0bc635521b8123455b89359 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418576381" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD8AEA51-F423-11EE-9511-66DD11CD6629} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000fcf2b99263df82399f9da6a7e9406917e92193cbc4f7d66a5adac4b2a12777b7000000000e80000000020000200000007dd6baa66152dd809c84cafcb99048019443e90f0ae751975aade481c2e709f9200000004fcec8b0e19fa98d1ec1ce450aeed3f8469009237c5ceac4ed174a01c6854a7a40000000e415aad089060c57cb26932a478f33c5849d2ba91360238acb0f5ad289752ff9d3bd7c3f57aca116fd6a93d98a17056684d0113938e99b1cc7ad93a221ee061f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shellex\IconHandler C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\NeverShowExt C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\url.dll,0" C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\CLSID C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shell\open\command\ = "WScript.exe \"C:\\Program Files (x86)\\Winrar\\winrar.jse\" \"%1\"" C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mmc\ = "mmcfile" C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shell C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shellex\ContextMenuHandlers C:\Windows\SysWOW64\WScript.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shell\open\CLSID = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.mmc C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\ = "¿ì½Ý·½Ê½" C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shell\open C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shell\open\command C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\IsShortcut C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shell\ = "open" C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shellex\IconHandler\ = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\DefaultIcon C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\CLSID\ = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shellex C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shellex\ContextMenuHandlers\ C:\Windows\SysWOW64\WScript.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1152 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\WScript.exe
PID 1152 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\WScript.exe
PID 1152 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\WScript.exe
PID 1152 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\WScript.exe
PID 2192 wrote to memory of 2728 N/A C:\Windows\SysWOW64\WScript.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2192 wrote to memory of 2728 N/A C:\Windows\SysWOW64\WScript.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2192 wrote to memory of 2728 N/A C:\Windows\SysWOW64\WScript.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2192 wrote to memory of 2728 N/A C:\Windows\SysWOW64\WScript.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1152 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1152 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1152 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1152 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2772 wrote to memory of 2768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2772 wrote to memory of 2768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2772 wrote to memory of 2768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2772 wrote to memory of 2768 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2728 wrote to memory of 1148 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2728 wrote to memory of 1148 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2728 wrote to memory of 1148 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2728 wrote to memory of 1148 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"

C:\Windows\SysWOW64\PING.EXE

ping -n 4 127.1

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2

C:\Windows\explorer.exe

explorer.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.go2000.com udp
US 3.33.130.190:80 www.go2000.com tcp
US 3.33.130.190:80 www.go2000.com tcp
US 3.33.130.190:443 www.go2000.com tcp
US 3.33.130.190:443 www.go2000.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/1152-0-0x0000000000400000-0x00000000004B1000-memory.dmp

C:\Program Files\WinRAR\winrar.jse

MD5 9208c38b58c7c7114f3149591580b980
SHA1 8154bdee622a386894636b7db046744724c3fc2b
SHA256 cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c
SHA512 a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc

MD5 a0c4d2f989198272c1e2593e65c9c6cb
SHA1 0fa5cf2c05483bb89b611e0de9db674e9d53389c
SHA256 f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23
SHA512 209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.mmc

MD5 b0ad7e59754e8d953129437b08846b5f
SHA1 9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a
SHA256 cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37
SHA512 53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

memory/1152-35-0x0000000000400000-0x00000000004B1000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarC0D6.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

memory/2376-246-0x0000000004100000-0x0000000004101000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75ca76fbb8d38ae656e1a1e7c7e992ec
SHA1 5e84878222dab3ef6f85677c4d10399274d2c056
SHA256 5ea293ccc6a297f0b1eb72ac2f88a8c46a6cf21b9b877a1360bbafb162ec26b6
SHA512 e5631889386a2d6cf25ecd4e6d013b569c2426cacf45e40abb0fd8e985a6e12dc0cd7138cf34e6e28f1462855849e282e2b53a1df6a8c322413ce724fe218e26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 933308be507e47e0ddb8e6e77fec12c6
SHA1 3a1b1de34a4a112e4cea8b9e65d76faf70e9cbb7
SHA256 9f95e0c6ac82f90db327e07f88457fcabb3349df503a9ee0a252d1d8ffcd72cd
SHA512 b16021dabdc7c2a06d86d2996f71a869893d0efab37fd07bda981481133399858059cab020cdb6a15f151b8b9cd1acc844b0b82b5511831c5e727ad13478a4cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd402f2ae1b02cc7a01e8e7beedc9c07
SHA1 2abf63d1f50c22e67a38a2315c098260121006f2
SHA256 04e982814c5f9760a35066cab1ad3531524371d64176c6e2990d23994743be5c
SHA512 7cc654e9467dffa8d4611e2819aeba395b7ab31df45d79774c72e16f3dc2d4d6e1e6a0f175a0d038cc96dd40f0e55a42c09560d21de123c00c5957fbc86e79d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edca3f52a67e027988a27886fd1bafa4
SHA1 fa3763ceabace0856ba2aa45a7ae270bd7935223
SHA256 adce642587fabc8277e24d02fcfa448923cbb6e1e309e415516f956bb1a33e6b
SHA512 e3f5639b95bfaaa16f640f90ec1eda34b492ed72ca0b33516b8f0dab7b65b634c4c84d24da6849990825222325a96864b775982ef1edf766479686b2cf6af4d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9c2c9b82d892c0462966a8c2ee32f14
SHA1 f007207dba9b1cc7089d23e8d38750fbfad202a7
SHA256 eda42d304d00e1c2e5a8cc8a1b278c09487bdd7cf9fe2f0d3a76693323f35b04
SHA512 feb1a124432620120800c7676eee3a2c26cd4309686309702cef2590ac9dc2b77e487c1e03f49f5fe87daf376eba9d1b8ace58fabd8df477a666d5f3b54eb9a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f8c50f637da526ea2c2dbcf21b655db
SHA1 60a3a2fabc481754606c240e85ba121e4d67ce54
SHA256 5fca8831d035adfad0852c5cda196d167148bdc274b6a76def4c29df844b61bc
SHA512 d89404e12385bf8014d54fa9f4bab67ae9e925a4795cbc7a0744ef3c0bec69c9de55dc53cc530c5ff5ae83f01dbb121c1a6260d553162c5a51bf327a567c90e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2910ceac55cd92b7effb8fccb87647cd
SHA1 bcaa3cda88aa7c5afb004ff332150ad186123f76
SHA256 2bbe9d6d1630ff994943376d34ef95f3952c4d3d496a666e097d58439e2989d3
SHA512 428cd2210dcb1b365b1abbb17d9533074b1d8b362f2bf0a9465f689bc1ae144594961ca96b8a2d2da6a9a9ffba05d20db843fcbe403ff09946e4ee17756d1867

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d64c6e3c4d9e8b90fabc2c4909113a90
SHA1 1165a421d444d581c7db6b2a7adafaa3ef229d24
SHA256 0decfa7717fcbbb8874ebb328595d1261d52388b19ade7a8b3db53bdd0407187
SHA512 268381ab1b4a832ad6af2950bb112348cf8c9f6ce088b7bf599e0675ee31765c12fb0dad70aa236f93f84d4e0009e0f202173413084606d3e4405d30bc8f50a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c541d847ee02703ea92073bc5a1d1747
SHA1 ad8114ca09714a51dfcc623d45dc391d8291d088
SHA256 7b43b4bc865bb8394faddbdb28f565062d2daf90dd674e6f5e1873be5c55c86c
SHA512 8f7ea66ba5f9b4fb81e3a2889a212299b913c7517439d67fb2b15130f260f36edaa043d0e5b0513f8ee66682190f1ebd804897afb55b95cc4fe0863a64fba16e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c686215cd16ce635c4a8b29408b7fbe
SHA1 a2c49ea1625be7cde6ff1f504372ff4549aadea3
SHA256 c7f58522774a5581a46e46af74e3c5efadb4e776c0049ebce8865eda4233ad7f
SHA512 1d5a7841ce189991713953da04aeabce0e0160ef3e3dd51d4c9de9b90a8faeee22b1b6a0edfa4e956f800563797702d79985e2d2c972355d514b01940aeae7ad

memory/2376-677-0x0000000004100000-0x0000000004101000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 479b76e6ddf29f182b14224b8e8d3de6
SHA1 3f7e9eee98ef9119bd985e7f0d950faaf9b435d3
SHA256 866955a2ed6da21db8860d6a86bd7f781a73f823c9896c123d96d050797dfc99
SHA512 4dc111ebb2af1e79b6875285c5ac9529f2e024b93aad9d02a9a5b2ac3e33e67dee333a482720aecf8d108fcc79756679c398f2989f63e500ce81b814eedf0266

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60210e9d21eebf60c25dbab8e5667dcc
SHA1 3feef8ff8d74231326e4713d4fb666c98dd51839
SHA256 dc3dcb0b8f1e57b5afdf127b58eccddf6643da1cfa44538f128edae8b1db063e
SHA512 5b628ae76b8315fd86eb7d8a17c9f5023f1c5d7b6069968c64c9f06f65439d9fff74baf38ccdb41f55a5db4c1867879d6541c520b3c12d060550c162cfec65a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb3d085f890489c51cc0185c0791565b
SHA1 cbd784223bceef6ac73c0b97e1a52476da191f59
SHA256 fd5b967b6ca102608fcf71ff696c73115297f5759ff93b6775a470b12286f43b
SHA512 ba3049a7aada6952cc19e046c1bb040cd9fc4754aad1b8c7ae84020eada72728e95a33038843a0aae60d85ae5dbc965a15e989682ccecf3962616a70689407e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c3e9c02587cc908ceb026ea85467a13
SHA1 99f4691885213fa8f03b4fa6ed4e4b9e36f715d0
SHA256 83886f42a13ae168867688fed8ea16ab6f15a1444cddb3ad85a0c41dfaea84da
SHA512 0e76a30e10e72de9db67012421267b6934bfaddd3bac94af2678f7f0c78b1f5067eff0c60b080fb36f121b1177e6735f47478091403c875804827efce464e26a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4cd516160f09c299857230dc96d93d6
SHA1 8fac53a2270ba70520e52757ad08f8240bc82a42
SHA256 a2c5edfa4380a5dba5719c2aebaf357bfe141a74e06c6d6f9f0a374e4d3d96fc
SHA512 307243cfce0803233f8a89f306905ed3d1cc361715083132cceb4947f3ee48abbbd164d197b567b8b8cd10e13778eec0188debdbc79fd6a2db85e61da2f6e4fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29d442a3134e372376c622930e02987c
SHA1 f0126f9d8d7a221a8215559267465c9199c94ce7
SHA256 6ccb40d7dfb37843abddd7b901a34a0396885c3a24ff1b193a9c47ab86cd8564
SHA512 a5d546a4171c53ccbcf117ced50dacfbff9586d8234f7f13c80950ba5587a9ceb64fcc1806d8d6c76123005eb7236ffc2131196de0da60f24cbd9511c2e776e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b030d01eb40daccf7475c6290a497471
SHA1 4ec2519f5e43ddf9ed4a15740c21881e4be986f6
SHA256 31424c9377ac90240e87b0a7d544c1d42626af495dda7678e1cb5fd636265e1f
SHA512 a262175f5f89208c9e655c68608466027294452df89c2e9c9244e6d053eda63719a74b28201c26c6b9fdaf5438d91bb8d94e45678147135afc30d779cd6f1739

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1779fd7ed66419e0a1d32106626826d
SHA1 7d54c4da85eb7ebbbdb8b6882a6f1ac9d93c5276
SHA256 1b5d17df02444674d45850ced465975c7dadedb22077e0a4c7963823acfc0800
SHA512 71fbc68effb2daf55688438a42e386b92568ac0e9b797720c138392842e3f01590a1bcc52469cfdd405514d9f52b39631572b26316508304b175741fa8f054f2

memory/2376-1113-0x0000000002720000-0x0000000002730000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 14:41

Reported

2024-04-06 14:44

Platform

win10v2004-20240226-en

Max time kernel

68s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"

Signatures

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\WinRAR\winrar.jse C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
File created C:\Program Files\WinRAR\winrar.jse C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\explorer.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2738256003" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31098928" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2734506215" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CE8C8E8A-F423-11EE-9216-5A176B010E55} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31098928" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb81c2d97e83014aa839d28a6b89bdd4000000000200000000001066000000010000200000007d3bd278c5bd08d59737cf3d7ef04f8b4292ce03599055ae9ebd112622ea2edc000000000e800000000200002000000011a5b236ef7dab1838e4c8d3e3a24ccc029f919a62492c80f2a03c0eec0db112200000008416205ddf73e663e2664e18f568864ca04127ccf0ef25a0ca79f7fb7b604e3a40000000497edb826367d8a4c677edf01da903e831a8b5f9fcb83c16f3ceea88673581f03b1ccab4093c9608621701c2d596ea4323c5f6afc4868f49fb3bf91808c49da4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31098928" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2734506215" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0730b933088da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{E01F2FBB-FCBF-44F7-B4D7-8D7184354B18} C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{A8377C48-1FA9-4112-A99C-FC40E9EF82F6} C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\shellex\IconHandler\ = "{FBF23B40-E3F0-101B-8488-00AA003E56F8}" C:\Windows\SysWOW64\WScript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eik = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\NeverShowExt C:\Windows\SysWOW64\WScript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mmcfile\DefaultIcon\ = "%SystemRoot%\\SysWow64\\url.dll,0" C:\Windows\SysWOW64\WScript.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{CCC2C18D-DDEE-48FA-BF82-B9BD4403ACDC} C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\ApplicationFrame\Microsoft.Windows.PeopleExperienceHos = 6801000088020000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{03BD5D49-4290-4015-895D-8414C7F3A836} C:\Windows\explorer.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1968 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\WScript.exe
PID 1968 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\WScript.exe
PID 1968 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\WScript.exe
PID 2564 wrote to memory of 1168 N/A C:\Windows\SysWOW64\WScript.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2564 wrote to memory of 1168 N/A C:\Windows\SysWOW64\WScript.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1968 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1968 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1968 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1168 wrote to memory of 1700 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1168 wrote to memory of 1700 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1168 wrote to memory of 1700 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3328 wrote to memory of 3360 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3328 wrote to memory of 3360 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 3328 wrote to memory of 3360 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"

C:\Windows\explorer.exe

explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\e2c3b908f6ad0b09754a3ffedd9b745b_JaffaCakes118.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1168 CREDAT:17410 /prefetch:2

C:\Windows\SysWOW64\PING.EXE

ping -n 4 127.1

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.go2000.com udp
US 3.33.130.190:80 www.go2000.com tcp
US 3.33.130.190:80 www.go2000.com tcp
US 3.33.130.190:443 www.go2000.com tcp
US 8.8.8.8:53 190.130.33.3.in-addr.arpa udp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 img1.wsimg.com udp
DE 172.217.16.196:443 www.google.com tcp
DE 172.217.16.196:443 www.google.com tcp
DE 2.16.6.20:443 img1.wsimg.com tcp
DE 2.16.6.20:443 img1.wsimg.com tcp
US 8.8.8.8:53 ocsp.starfieldtech.com udp
US 192.124.249.41:80 ocsp.starfieldtech.com tcp
US 8.8.8.8:53 196.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 20.6.16.2.in-addr.arpa udp
US 8.8.8.8:53 99.18.217.172.in-addr.arpa udp
US 8.8.8.8:53 41.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 28.143.109.104.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 136.211.222.173.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp

Files

memory/1968-0-0x0000000000400000-0x00000000004B1000-memory.dmp

C:\Program Files\WinRAR\winrar.jse

MD5 9208c38b58c7c7114f3149591580b980
SHA1 8154bdee622a386894636b7db046744724c3fc2b
SHA256 cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c
SHA512 a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc

MD5 a0c4d2f989198272c1e2593e65c9c6cb
SHA1 0fa5cf2c05483bb89b611e0de9db674e9d53389c
SHA256 f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23
SHA512 209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc

MD5 b0ad7e59754e8d953129437b08846b5f
SHA1 9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a
SHA256 cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37
SHA512 53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

memory/1968-37-0x0000000000400000-0x00000000004B1000-memory.dmp

C:\Users\Public\Desktop\FIREFOX.mmc

MD5 e738deb26be0ae6ee9ea74b117af48dc
SHA1 44905d91300e06cc6b293dcc5bd6688d9243495b
SHA256 363989f254555ef8fb96df9010ca31c6e2035b10af004aeec341fc2ec26d117d
SHA512 12ee06669dddb6bf1f2da6f4be7beb93e17bd9e8480c119cab1ff4c011ee97680d4de7bd8bef68a0426948b2ffb421c32445387c5ed60f1d140e9ff66f96e867

C:\Users\Public\Desktop\ACROBAT READER DC.mmc

MD5 57b00ccb3a351d6e45df0c5865020169
SHA1 c932af20d06642b4f2f0cb839cded241a90ace3d
SHA256 44771198c83ab0ed544795e6d1141330bc8f62129296e13218ef8422a9eab0d5
SHA512 334bf991e5d942a9e7f428948a93863fcacf1280518e5d1992ce36de0e2b3805195e6eadb1fbb70b6c45b371be9a7245c844231eff7c93a8f9b06b0e30d0f529

C:\Users\Public\Desktop\GOOGLE CHROME.mmc

MD5 7dde836318d7cdbeef35f3d06a6d7b6d
SHA1 b26b884a2bd94a432a6e1da3acc5a99dc06c1d42
SHA256 951ba6b01bca3f14eabf9a657497bd172a073984e5a07a6bb39fe4ec8622aaa8
SHA512 74e3154552e693338f587e77a1f01762762406f8a782438ca9041888fb529dec7682692636f1dbd5255cd0922149a3b47c1cad0b3cd782f7f38497526fd945e6

C:\Users\Public\Desktop\VLC MEDIA PLAYER.mmc

MD5 05a9ce26830a5d720143fff0263529be
SHA1 1b726387ca0cd48235aa0c72b95a56ba9d43c85e
SHA256 d15d32a3cc4c32b19be8951fd62ccf2fd9e8d40691dee12899a715f0aff298f2
SHA512 89c4fea31b80b5b3e413136c20d3edf81c9c6ecb3725c6025fa3bf7ce505aeec9bb3d269179942db5574dd152808e1d36c58604b093ed74a25049f1b4d98f58f

C:\Users\Public\Desktop\MICROSOFT EDGE.mmc

MD5 0b7d6914496973c48637995715d6f0d4
SHA1 9ac88bd5741ea9825e77511ddd35ad454f05bb99
SHA256 9d008d6bf529b562faba50a822eba33df5162e98265362cd23fdf5edfa65a5c8
SHA512 ed15ee3776c0eccc4020e006413ecdcdb13ee796376775e2a7fe9d0d7238b6e7633c665f4a78fa3427d9d6bf4309b35876297db2872c26ba0a945dcfc3faf85a

C:\Users\Public\Desktop\Internet Explorer.mmc

MD5 4b9f175d36f729bc91274a478a80f85c
SHA1 7bd79be7dc7fcbe207f16c2aa3fab022a70e7809
SHA256 6533906583c1f768d716d7e9b101d35d1198d9c32a06d882aa626b2e4a51ee02
SHA512 e6ae4ff1cf1ab92cd649ceeda9c59794d8bfd1ca4500f672425d4a74aa48a0e938120d2444a2250513437da04767ff5883e81c7fa5dfa7e71b97bb967c0d5874

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

MD5 ba612e60ff16b71cb509986fc82643fc
SHA1 ddb4d1a8396ec5723510cfd5edf01ddcd39f9a94
SHA256 075c16549faed57f0e825e268169a83da8f5bd1bbd8a7840d999655618dffe79
SHA512 cb2f8b5b1bca546002b389d123a0e0182cb35bf46c30235df22cd9259422152b8eed19987fff52333ae5af924bfca8f50287b8590d5d6e57dcdd02e9390f78ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

MD5 eafcd3cb2640b55654d680e8538e667c
SHA1 c37daf3aeef89d18924b1e46da6bd877d0253da9
SHA256 74e724507e17c2cc91003b4736298488e4d01890a4a7d90fed649c4f69117b3f
SHA512 3e74086a3682d45e66d97b661653d54d41e7ff159382e92c08d1b2cbec49c43cecf233662eb5db3b46cc63d7fc56852ac89cfddbc11817394cd1f96e4c7d50af

memory/2824-87-0x00000000043E0000-0x00000000043E1000-memory.dmp

memory/1596-93-0x000002629A9F0000-0x000002629AA10000-memory.dmp

memory/1596-95-0x000002629A9B0000-0x000002629A9D0000-memory.dmp

memory/1596-97-0x000002629ADC0000-0x000002629ADE0000-memory.dmp

memory/3336-105-0x0000000004340000-0x0000000004341000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\1SA07OI6\microsoft.windows[1].xml

MD5 fb9854a5b056cc3d006b38bf0eab1b7c
SHA1 0a2b0432e2e9938be1f652c2247827e47b265f44
SHA256 3d454d15255bb82fb8a4cfa40ea848af32395be899aaaf83b6d626a814aa21c2
SHA512 20366182bf5a658b19e3df4eef2fa4e484bdcecc85a893834fbcb2b0ab64100a7694c3dbbdf1597bf3e3a747ede6fe7b81aab5f07653ef40a515edbef90ed00d

memory/2312-113-0x000001BFF6300000-0x000001BFF6320000-memory.dmp

memory/2312-115-0x000001BFF62C0000-0x000001BFF62E0000-memory.dmp

memory/2312-117-0x000001BFF68E0000-0x000001BFF6900000-memory.dmp

memory/4344-125-0x0000000004850000-0x0000000004851000-memory.dmp

memory/3464-133-0x00000269B69E0000-0x00000269B6A00000-memory.dmp

memory/3464-135-0x00000269B69A0000-0x00000269B69C0000-memory.dmp

memory/3464-137-0x00000269B6FB0000-0x00000269B6FD0000-memory.dmp

memory/4352-148-0x0000000004850000-0x0000000004851000-memory.dmp

memory/2332-156-0x0000018B20BA0000-0x0000018B20BC0000-memory.dmp

memory/2332-158-0x0000018B20B60000-0x0000018B20B80000-memory.dmp

memory/2332-160-0x0000018B20F70000-0x0000018B20F90000-memory.dmp

memory/3548-169-0x0000000004250000-0x0000000004251000-memory.dmp

memory/4576-177-0x00000259A4BC0000-0x00000259A4BE0000-memory.dmp

memory/4576-179-0x00000259A4B80000-0x00000259A4BA0000-memory.dmp

memory/4576-181-0x00000259A4F90000-0x00000259A4FB0000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 47fb6533b90c4095e33d176762480f8d
SHA1 86f81b2ff313ea50c5e76d19984e645ce645a092
SHA256 ca44a87d2796deb0dcff806372c2746fc9f38b06ec36ffa71bba96681d3f7b69
SHA512 b3ded8f66bf033f33fa8f0ec3520415780b2559d47d6268810b7fd09e6a62da22e3a54e44bc9cdb6b4a794e43371ad2257c5855a19e7f2aaaa48131abffc3f39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 82e7a47b4fe9c97fa071f085d1a0f876
SHA1 1f4441151d6bd0cb53625fdd6c44ea5202ba7496
SHA256 e4edef354f86e683555d6eac3984bc842470f4f1e5199cf174910795ede16271
SHA512 af481d040602078309c40568db5cc8d1f1c52d90ade4418d422c3e0d5bf1ed9e2888e19901b1a4b483628ad7ac8c2e61637d7c80d970e2faef87b9e53b9b8bb4

memory/4560-201-0x00000000042E0000-0x00000000042E1000-memory.dmp

memory/3044-209-0x000001BA87A40000-0x000001BA87A60000-memory.dmp

memory/3044-213-0x000001BA87E10000-0x000001BA87E30000-memory.dmp

memory/3044-211-0x000001BA87A00000-0x000001BA87A20000-memory.dmp

memory/1872-224-0x0000000004C30000-0x0000000004C31000-memory.dmp

memory/2144-232-0x000001A3B84F0000-0x000001A3B8510000-memory.dmp

memory/2144-236-0x000001A3B8AC0000-0x000001A3B8AE0000-memory.dmp

memory/2144-234-0x000001A3B84B0000-0x000001A3B84D0000-memory.dmp

memory/212-248-0x0000000004D90000-0x0000000004D91000-memory.dmp

memory/2008-255-0x000002DFAF240000-0x000002DFAF260000-memory.dmp

memory/2008-257-0x000002DFAF200000-0x000002DFAF220000-memory.dmp

memory/2008-260-0x000002DFAF610000-0x000002DFAF630000-memory.dmp

memory/4212-270-0x0000000004300000-0x0000000004301000-memory.dmp

memory/804-278-0x000001A1CE900000-0x000001A1CE920000-memory.dmp

memory/804-280-0x000001A1CE8C0000-0x000001A1CE8E0000-memory.dmp

memory/804-282-0x000001A1CEEE0000-0x000001A1CEF00000-memory.dmp

memory/3432-293-0x0000000002B70000-0x0000000002B71000-memory.dmp

memory/448-301-0x0000021C70C80000-0x0000021C70CA0000-memory.dmp

memory/448-303-0x0000021C70C40000-0x0000021C70C60000-memory.dmp

memory/448-306-0x0000021C71050000-0x0000021C71070000-memory.dmp

memory/3224-317-0x0000000002310000-0x0000000002311000-memory.dmp

memory/3208-324-0x000002A2EB020000-0x000002A2EB040000-memory.dmp

memory/3208-326-0x000002A2EADD0000-0x000002A2EADF0000-memory.dmp

memory/3208-328-0x000002A2EB3E0000-0x000002A2EB400000-memory.dmp

memory/3824-337-0x0000000004B70000-0x0000000004B71000-memory.dmp

memory/4448-344-0x000002A180FC0000-0x000002A180FE0000-memory.dmp

memory/4448-346-0x000002A180F80000-0x000002A180FA0000-memory.dmp

memory/4448-348-0x000002A181390000-0x000002A1813B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\K4KS10IH\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/3760-367-0x0000000004120000-0x0000000004121000-memory.dmp

memory/4108-374-0x0000022DD9680000-0x0000022DD96A0000-memory.dmp

memory/4108-376-0x0000022DD9640000-0x0000022DD9660000-memory.dmp

memory/4108-378-0x0000022DD9C50000-0x0000022DD9C70000-memory.dmp

memory/3956-390-0x0000000004700000-0x0000000004701000-memory.dmp

memory/2328-397-0x000001AF3DE20000-0x000001AF3DE40000-memory.dmp

memory/2328-399-0x000001AF3DBE0000-0x000001AF3DC00000-memory.dmp

memory/2328-401-0x000001AF3E1F0000-0x000001AF3E210000-memory.dmp

memory/4536-412-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

memory/4232-420-0x000001646E840000-0x000001646E860000-memory.dmp

memory/4232-422-0x000001646E800000-0x000001646E820000-memory.dmp

memory/4232-425-0x000001646EC10000-0x000001646EC30000-memory.dmp

memory/4728-436-0x0000000004B80000-0x0000000004B81000-memory.dmp

memory/4424-443-0x000001EF77CB0000-0x000001EF77CD0000-memory.dmp

memory/4424-445-0x000001EF77C70000-0x000001EF77C90000-memory.dmp