Malware Analysis Report

2025-01-18 22:16

Sample ID 240430-csl3xaab7x
Target 08cdb1000e4db43815ff90eaebe54599_JaffaCakes118
SHA256 04cf322e3d567f78c2fac56acea08a72206e86b1de1c456e3c5892474d750ca0
Tags
adware persistence stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

04cf322e3d567f78c2fac56acea08a72206e86b1de1c456e3c5892474d750ca0

Threat Level: Shows suspicious behavior

The file 08cdb1000e4db43815ff90eaebe54599_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

adware persistence stealer

Registers COM server for autorun

Installs/modifies Browser Helper Object

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-30 02:20

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-30 02:20

Reported

2024-04-30 02:22

Platform

win10v2004-20240419-en

Max time kernel

147s

Max time network

150s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll

Signatures

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ = "ShopperProBHO" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\NoExplorer = "1" C:\Windows\system32\regsvr32.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}\ = "ShopperPro" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib\ = "{8FB1A663-2820-468B-95C4-5060A4C5F413}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ = "IShopperProBHO" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CurVer\ = "ShopperPro.ShopperProBHO.1" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID\ = "ShopperPro.ShopperProBHO.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL\AppID = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1\CLSID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib\ = "{8FB1A663-2820-468B-95C4-5060A4C5F413}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\ = "ShopperPro 1.0 Type Library" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CLSID\ = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CurVer C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib\ = "{8FB1A663-2820-468B-95C4-5060A4C5F413}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ = "IShopperProBHO" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CLSID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID\ = "ShopperPro.ShopperProBHO" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\FLAGS\ = "0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1\ = "Shopper Pro" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\ = "Shopper Pro" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ = "Shopper Pro" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1\CLSID\ = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-30 02:20

Reported

2024-04-30 02:22

Platform

win7-20240215-en

Max time kernel

119s

Max time network

120s

Command Line

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll

Signatures

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ = "ShopperProBHO" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\NoExplorer = "1" C:\Windows\system32\regsvr32.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ = "IShopperProBHO" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib\ = "{8FB1A663-2820-468B-95C4-5060A4C5F413}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1\CLSID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID\ = "ShopperPro.ShopperProBHO.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ = "IShopperProBHO" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CurVer C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\FLAGS\ = "0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\ = "ShopperPro 1.0 Type Library" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\ = "Shopper Pro" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ = "Shopper Pro" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CurVer\ = "ShopperPro.ShopperProBHO.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL\AppID = "{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CLSID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}\ = "ShopperPro" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1\CLSID\ = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID\ = "ShopperPro.ShopperProBHO" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\0\win32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib\ = "{8FB1A663-2820-468B-95C4-5060A4C5F413}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1\ = "Shopper Pro" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ShopperPro.ShopperProBHO\CLSID\ = "{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\ShopperPro.DLL C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\ProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}\TypeLib\ = "{8FB1A663-2820-468B-95C4-5060A4C5F413}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5} C:\Windows\system32\regsvr32.exe N/A

Processes

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08cdb1000e4db43815ff90eaebe54599_JaffaCakes118.dll

Network

N/A

Files

N/A