Malware Analysis Report

2025-08-06 00:21

Sample ID 240528-a67knagc61
Target 7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118
SHA256 5f19eb0143000f29ecfc79cc4b574b345cf049e17ee067fd02cace6ffe71a4eb
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

5f19eb0143000f29ecfc79cc4b574b345cf049e17ee067fd02cace6ffe71a4eb

Threat Level: Shows suspicious behavior

The file 7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Deletes itself

Checks computer location settings

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer start page

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Runs ping.exe

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-28 00:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 00:50

Reported

2024-05-28 00:53

Platform

win7-20240221-en

Max time kernel

134s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{14973377-DA83-4494-9CA6-D35B9C6842C9}\URL = "http://search.htrackmyflight.co/s?source=g-lp0-bb8&uid=223e8677-eabf-4209-a783-1f6e4ba270ff&uc=20180111&ap=appfocus1&i_id=flights__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\htrackmyflight.co C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70090c2299b0da01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\htrackmyflight.co\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4ACC5131-1C8C-11EF-9891-EEF45767FDFF} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{14973377-DA83-4494-9CA6-D35B9C6842C9}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f7bbb5cd907174092f73a7604a03ea100000000020000000000106600000001000020000000011cde3288aef6b0db4893e852433feb2b8e62eca6aa455f1e7a5016d8516cb4000000000e80000000020000200000000ae331904f001400f367e18690f5b941bfcf6449ff96e839160f820ffa0d36b02000000071c8c0b99643de035d11f26c0a7e7d4d0dbd7dcea030a7f70561be86d1560155400000007805812c11557557a971dd98952361d660a4a0ba85ce5749c97b4245ae9fe9eed813354059b5f88e25ef5b1a37790a6f0de781df79e0bb7ea8537523843e5334 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{14973377-DA83-4494-9CA6-D35B9C6842C9} C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423019302" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{14973377-DA83-4494-9CA6-D35B9C6842C9}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.htrackmyflight.co/?source=g-lp0-bb8&uid=223e8677-eabf-4209-a783-1f6e4ba270ff&uc=20180111&ap=appfocus1&i_id=flights__1.30" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1756 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1756 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1756 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 1756 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2740 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2740 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2740 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2740 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1756 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1756 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1756 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1756 wrote to memory of 1744 N/A C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1744 wrote to memory of 1740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1744 wrote to memory of 1740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1744 wrote to memory of 1740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 1744 wrote to memory of 1740 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.htrackmyflight.co/?source=g-lp0-bb8&uid=223e8677-eabf-4209-a783-1f6e4ba270ff&uc=20180111&ap=appfocus1&i_id=flights__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.htrackmyflight.co udp
US 8.8.8.8:53 search.htrackmyflight.co udp
US 54.236.227.158:80 search.htrackmyflight.co tcp
US 54.236.227.158:80 search.htrackmyflight.co tcp
US 54.236.227.158:443 search.htrackmyflight.co tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
FR 3.162.33.170:80 ocsp.r2m03.amazontrust.com tcp
US 54.236.227.158:443 search.htrackmyflight.co tcp
US 54.236.227.158:443 search.htrackmyflight.co tcp
US 8.8.8.8:53 d3ff8olul1r3ot.cloudfront.net udp
US 54.236.227.158:443 search.htrackmyflight.co tcp
US 54.236.227.158:443 search.htrackmyflight.co tcp
US 54.236.227.158:443 search.htrackmyflight.co tcp
FR 18.244.38.73:443 d3ff8olul1r3ot.cloudfront.net tcp
FR 18.244.38.73:443 d3ff8olul1r3ot.cloudfront.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 imp.onesearch.org udp
US 8.8.8.8:53 dap2y8k6nefku.cloudfront.net udp
US 3.208.225.212:443 imp.onesearch.org tcp
US 3.208.225.212:443 imp.onesearch.org tcp
US 18.245.200.106:443 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.106:443 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.106:443 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.106:443 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.106:443 dap2y8k6nefku.cloudfront.net tcp
US 18.245.200.106:443 dap2y8k6nefku.cloudfront.net tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
FR 3.162.33.170:80 ocsp.r2m01.amazontrust.com tcp
FR 3.162.33.170:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 api.openweathermap.org udp
US 8.8.8.8:53 internal_tiles.tiles.ampfeed.com udp
US 8.8.8.8:53 internal_banner.tiles.ampfeed.com udp
NL 82.196.7.246:443 api.openweathermap.org tcp
NL 82.196.7.246:443 api.openweathermap.org tcp
US 216.239.38.181:443 analytics.google.com tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
US 216.239.38.181:443 analytics.google.com tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
FR 142.250.179.66:443 googleads.g.doubleclick.net tcp
FR 142.250.179.66:443 googleads.g.doubleclick.net tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 216.58.215.36:443 www.google.com tcp
FR 142.250.201.163:443 www.google.co.uk tcp
FR 142.250.201.163:443 www.google.co.uk tcp
US 8.8.8.8:53 imp.mt48.net udp
US 3.208.225.212:443 imp.onesearch.org tcp
US 3.208.225.212:443 imp.onesearch.org tcp
US 8.8.8.8:53 cdn.45tu1c0.com udp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
US 8.8.8.8:53 openweathermap.org udp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
US 8.8.8.8:53 udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar26C9.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7261fc30631c3b3bb096ac7d0be2880
SHA1 421eb578cb669cac4554c07f6c9b814daecfaee6
SHA256 fcd948fd45344657f7c22876bc8e14bae428ec5979f61db061d7c2e6ca06237f
SHA512 dd380c1559279743ce168f4556d892e629f6d931bb1f02b35b1ecfaa408357aa3c019da90f768bf8fd539e5126af7ded2314ecc030ffa849d1f8fc1bb84d3d35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b45496eba15f645b7806bc4cff5c633c
SHA1 442dbd66120acd5597b272ac32ce63bf365daa4a
SHA256 17730e913b8e5fafc98c5d9f0a8f1d12946c7109d1b4ff2a344a9ee9a6a51a2e
SHA512 e89275c2332f8afe8602d9c43f6e3d6484a3d98256dd4e70c31a4b67a7a707121fa3eeeefdd488b5f5a6f90a6b63a6be20fd9b832fa5fda027b4a068e3f25052

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7348699eeff727a9e94cd8981b45952
SHA1 133e4e310e2c4e2f1b0f3849b2fe67b56347eb01
SHA256 94d312bb018609327bab732880595e986d157c4c9c99b7dbe39375beaa04b8e1
SHA512 5a2ccd517d978aedc792e10e4f897edd63cc7a80be8863604acef4a89ea68cedb18c44ef976ed077cb1776f949f69027ea64464491c602747b3ca9b2cdd34fb1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\js[1].js

MD5 0857af03dd3d4ca28600fd5fe198d9e8
SHA1 ec76dfc18bb51c31b8a225bc1c4219ca94ce2cea
SHA256 b75f922e33b4ed61618584daa3920fd8ae7f4d4f3e51e3f37ee8a61ce3262c29
SHA512 afe3addfcc5cbda10b8c9f84855911562bc4a1597552d6bac85e2b3f1d60b5fffc48b0e759a40a8ff4ee33d553012cfd8781b5c6864b9cb4b51d7e78c141c890

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f26b52f2051fcab3b64a2a746e9cc176
SHA1 c51e62f630a8592b99fab9960cb0649b77149d70
SHA256 b8220d7903c242072030d7d640e0bf5c83b3afa711826e26e733684ba382ff18
SHA512 f9aaa758c04d0d94800dbe79533b667f8bdbfa5a9383b11a3e8d142b9e228681f06279f92e02dd5118c64aa1214e6e0754d1b2cfae0fc3e5347c0094a3e01c8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb7083d032108c1ae035d0dd29dcbf1f
SHA1 bed50399de11f1f5cfce4087bb19b58142317cde
SHA256 490cf01e1b361a0f764ac9be419cc88007a4eb94ec5a5aef2f108ec4c5757a26
SHA512 1531b17bc009c2372e8409793df7fed6e62d2811b85bf65b8264969d692a4d95b60b42c824aabc9a4bb3f2d5f700aaaf1da4281f0afa73b3e29fea095474789b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba14f0165535ecf21cabaeeb1e3d04a3
SHA1 801af4fade674218061958f3cc7984824d0513eb
SHA256 c8282838385cb5ebeaab586e06306f2a10452a4332e581b44e59433adb838792
SHA512 ed288ec906a23c26d94dc35535c0875e72768de952efa7b224d6cbba4d151cb6aa2eaffc20c68a6799a7ebd2dcca7e4d6e045664f23094c8bad751a626675da7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 27a3c4fc2e22e7c16397f9837e9d30d5
SHA1 f042efa0eab0966cdae17cda68027942c28775d1
SHA256 52faeb436c4fb38f132c78892a15182586ecf05efe237619ce74bcbc1f7d836a
SHA512 85cacf843ff7b65a42875e595416e39169e5bae5a776fe9cc4658757094f64cb3dd94fdc70cda6cd27c6116c540cf945543207d217f6031c13029b78e530c981

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 dff9209b048db45fc7595cb17c8445d8
SHA1 d9b24f2e32489117b4b7fdb291a8bc1dc66d0620
SHA256 fcd21edf1221ea44b10d7b0e3de792fc2a4b0fe3f8aea14279dcd88c9fb9c7b7
SHA512 cedb857cf3fd22eb21e815cd65992a8500ba909198a97ac844689e6033e50a91295e5d3292183d4cbdf77c15b088bb060a2479d467a2ceb01d495c0327977ee4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BB29VINW.txt

MD5 8a8b9e96bdaeff3561ea4decd0791ce6
SHA1 caaccfdadba012fa7cc647135ae30f8d3c424f8d
SHA256 9ed6d3dcf0330d8bc718fbe1f066f7f0f7ba4e2b78f18262cc4d8971da0d7469
SHA512 88ef5dcef3b92b4407376ee728abef09fd874d430d98ec424cdb167e75419af798f935b7f31c7b4111412bcf8335c264c6ad3fa9a551a091bdfd1bbfe0ac839f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\favicon[2].ico

MD5 504432c83a7a355782213f5aa620b13f
SHA1 faba34469d9f116310c066caf098ecf9441147f1
SHA256 df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
SHA512 314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

MD5 8d6f99913c7e1a0747b0c805f62766b4
SHA1 79b51fb0aeb951f91629cfcd1742c8ed10de9744
SHA256 c02ae4bec04299c206c5359f5d911c68726ec70e64741abc350b8b1b54a0852e
SHA512 f8962f0c852154bb183f404e63489193f47e2b30e6099befc4be6440c0a6c5d22ad14c4d8f78fc085087bd176e1af74078b73f2f5b681f0586a821fffa3f9919

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6a3efadc44d93cf742290123be2ed76
SHA1 1b3e8785933a9682aef1991e7b7fca65b57f0067
SHA256 20b574707168cce5b0682ba1db10ba47225e9a24c7fd67050831848c09e0e125
SHA512 168f96b8107c5e4d2cdb54b736cd954db65d01d5e118fdc63bfba4c90fc25a1dc6f972a025bc5b5bfa95fafd0c8a9978bff4431a9a2756d44eb918ceace52946

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3588dfa3d50bde66a6bd74a38c8ee5a
SHA1 4c255420526c87f57e9d266855ce334028c4c26e
SHA256 1d52d5f207f79f3e092d55272b0cbcc3a97adf258dc23abaaca07c87f1a50b9b
SHA512 8fc0386c23ece5c5d2d842a0a03a838ab28136ca70fa763a199f9b228caecf47a370b96d1fcb18e34347dfcbe76573ed8086b847cd229c46365e98c3ddfe7c31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 092936f359bb1f4baf3001b8b72d328c
SHA1 faddad719e24d05a43bcc0979c2f62a72a7d282b
SHA256 092f97735d657e1678844624233da134fe16f4ba25f629dfbbf7813cdbb7e662
SHA512 ce90af3fd0283668ca6116dd4d821d639e278077dc344725e80cc01d916a23f0e77cefbad20fe6b2d5770499aafe6a58110ef0c552dade2ce4ca17e0e2f17df5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 240227734e49edad93c4f1b7f611462d
SHA1 8394d6bb2356e2b3bacdbbd1a69dea28f7fcfef9
SHA256 e96db6be15ec7a1b8487b2bdcd0d1077dc33358f3c4f4a01c51498b311381700
SHA512 13b7a0c3e5c0559156ca0d88bcc31a377826fe2812001a64f4677cb550aa10ab409ac05ce0b82441bcdfea08c8c1fc9b2bd3fcda369624f5a5df22cfea8633ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 746c424ffcc12bac3afe9e3607bbf4b2
SHA1 cde1955212909372dd28a6a1cb33144a955d3430
SHA256 1c3df10296403bc3d7a253628d909f2edbeb8f7fda6eade925de9ff83c1918c8
SHA512 8128780a273a830fa59a19cc3c2eaba82efcfcb9af9166655f65a702c7caba0e7b31b1a526a7fc93049fb54fae48fe435eb8e7d1a8ef662932c4a27c7e31e22b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6e6485b69b0836129f0c3cd400a12c7
SHA1 3a30a25288b73ec13050528756aadf7566732dbd
SHA256 37c9f1d7b6f1bb463c1fdd292632ad794645cc6af5f38527f2442816e3cee8fc
SHA512 43b6d74af931c0d264785074deac175422414f266c6d8da8f2a820c94c4939f5e8ad226d488e80f438aeb8d9e2ceade2c48dfc773b01ccae35902af47b3a3adc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b292adf6b7c98ee8fcf52128e094ac80
SHA1 2ef96eb5b1d6d0c0169cfb5dfdea8fd63fd881de
SHA256 e018a0991da1e5543b7c9276a7526bdd745f1338c908a5184a7a882b36c4b972
SHA512 80b19a7d8d0b106d76f3ee3d61fb8d9e3e863a98181ace711a6982ff26da12ac61206bcbe370c39c682ea85e18d50f74cdf6a5a72bcdaebad824ad09571d586c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c75e603174e394df54be0433df569fc0
SHA1 561bdc0ddeab9761d0155db769aba8143e4dcf71
SHA256 1634b36059cf3c8e7d625ae7310786afc24fe28edead69f8c259187a538218e3
SHA512 4e90a1fab90df847195366929ad579249fd907df78202e169d27b3c38625b501f34c38b35370f05043105c508f8e0ca7c72e0be2ba0aa840bebc8df50ab85484

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23c755ab0c622f94f3c04d34fecbea0c
SHA1 f163914fbfc7c1f6ee4bc63640b4f85cf4041444
SHA256 eb60fbff9316abe3c49205d4140a84d6931ff43db7765f3fc518d37d3ea9812b
SHA512 929b66d9a2723a705d43dc646fc9011f5c83cf9d70d7fc53fb863c3051265073a518c6f1e6bc6f376330147444048bdf99208abcc2c43f992a3fe0ccf246ca7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43967c771b5d746a5cbfec642a900c8c
SHA1 9fdea435683829127d902611ea14b80038e75fde
SHA256 63828510c7234f4aca0b6de33869fa38723c61f4ec88a6c2ef1f755a82ad5ab1
SHA512 9acdd8186042a4afc851ec7cb56e128d967f25ff450c1954c1dac1ee15988fb3d9b9d360f3396b53ed64bdc61324f426d36d00af3a5aa639d80496fc3311f70f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 974e1410606138b5a9459755bf427f6d
SHA1 0b03ad92a32aaee1c4b851cd4909142eaf659623
SHA256 7efc1bb0841e97a9512218184c32d2fb9c4a5a3379e812a7d617abcb3d5620bd
SHA512 38a5b41fa3a656a62a49bf53dd67ee688a6c9fdd92bab0bece59e2aee6adde86d1add4ea1fd64dc3871c578062e9991e0b9a3f7f69b3a4ed7d39ed4084955fe1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a087677dcccd1647f5d92e4aa10d4a66
SHA1 42416e48115d7dff4d87f1929ef8fde5d0fc5253
SHA256 3f3f6dc7fb8e2538ba0b8a99862592b51901c0c9d12770c01900dd680bfccd91
SHA512 f50638e55de4a62f0a1579a238198fe4383b3f85c511a20598fff9b4a7dbaa7829cb621ee15bf1bae22cd8b94ddd24f53cfff177c6e4d301a17a3b36634efbb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 749ea6605cae46fe7fcf0c34be4c5f2b
SHA1 2e0a0c552a7a099fb67b07734e35486595c4cebf
SHA256 2cdfbcc9ecd5f703526f3366c5ecaf4031b37a74eb38d74d910a9c3d96665148
SHA512 fe21c1faff09ebcc7296853e617f68122a81dea7b783e3120f9f4027da285e2792c7a39bab8408b0600e6ac7117834878457db2d429787e9c04872f89cf012ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f164d492b825f96a4260f56a5f403033
SHA1 616b5984d3d29800ec982c90bed87150194a6a11
SHA256 4c3c0f644fc4c22bfc9d40acd184316e5e47dcf2f4c45f45895b550a90713700
SHA512 5a8664e1dd2136bdf7ccb6901af710af9d0f27b34df9bff6c8dd47ee82b81664c3f2bf9cb6f9bdb901836e1b9ba8551d6b7d9ab0fe02dbc97c38f0a05613e426

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8720b415ed5cca07a1e22ba4d1416d08
SHA1 276f0ff60351e55d5761e53c9920c6acc3dcdb34
SHA256 7b188de3385f6ba671e4adbddc51b954413775af032ed5bbd4009e82710ede84
SHA512 f64925e50f3bbd39e1f229de0fd2853e1546a89e0df9393493c34d76b250eb1c461453b2040ffd4e3f37d725d1134f741bc35015668e32573feb53876ea6b0dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc4d967e39fc19c870a1821acd116b07
SHA1 735300dcd9715d374ab3e2e7084e79909e85a0c0
SHA256 3e573ac3c22f79929c6f99f1f68a75424e4c5395381677b320d59fca5e87abc7
SHA512 a69e6347dd97acf33a7d1611464549ddf8d27941a3ab290732e7179ad74b256a82e38c6667b64f7040fbf0c2de58afce6d5693473d0adc58359860a09521d7b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4f65762e2d05251e49a9f91d7b87aa4
SHA1 090ca0e72dd77d8dfeba6f56279bec3f050001c5
SHA256 ffedf8702c8c324b77bcc99bf2a88db1c9d9b274a0b6da4f794d949df7afcedc
SHA512 9caed3ce54298732bec5ce96c3ed91d3a0f560ad99ff8912d0cd6ef4043209019e0ce76fc096b8ace0d790219004e99e9fb66847c3fadc76eb19fd4dab9adcba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf2f4c384ea412338834db67741ee119
SHA1 9e076a6957b1be14ac466301532e85d1f9085829
SHA256 d0627c0b3d03e2ac31f4b8280da200779d693ae810e3cdc1157cee7213eda685
SHA512 a63cf0a320e206ed76aaf993a7d07517d5d3fde1ea22e120ce004d250462fa9144a18808e1b67cddd6f7c72a93967a0e1ea9d8d9f42132debccddd7cb5c054cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 179c5c04073626c1a163bff62f827131
SHA1 4a4cf8d2f127169a74075f4383c82e19aaf2e26d
SHA256 6f3f3b231a81ce28b39fc7de95028d565d532d5c3ba9b6e34becebe7abd8d793
SHA512 2e7fb0fc2a35e9bdfe4884b347411e2dba15b05e294d84c47c5607e5cf7d5f238dcd4c279d6dac405038a1eb9251d1840b4948f192c8c6f58804307fc8ece26b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06422789dcc29a389cd318141de1d49c
SHA1 122d303ddd0d7c03e4566c399022e34d705cc46a
SHA256 c9526beff39c954bad2ec260abaf10a736fb97bfda42314649b4e48fd8ed4224
SHA512 2f486ad0307774120901559d64b8bfb4aa5f1f19cf591d3b45de9973d9840cb5c13231106e66b121ff99ff15e7b6efdfe38376471fa142dce7b360105f62db19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b3b0333c82290cd81e87eefa84f9dc8
SHA1 d711004011392bf1dd33b21829ed4a8818eb21e2
SHA256 db0e86b375ecb0e66ccbd2a819a44cfd14605256d9949be0d760bee4796bd696
SHA512 aa957375af2a7ffca45d82eca1d83c6b57aab72241ffd4bc145c5b0f82e0990cb3ce320c51f7d940b43d6ffea0f3051e12cefa805af5bd5c2fb1ee042d312a1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87e5f0abfa995b68700d66aa8e48162c
SHA1 49dee4401bcbe6b5e7dd4cf98a4eabc517f5aff3
SHA256 d48811cdbaa978683e263ddd8b65172387fae5424a8349aa0634738351856b5e
SHA512 d0f996a0007fd0bb971dd94974d74ce1c80dff03abf15f145af7a0ceb99a88b7a86afb659e810b966b786da2df121e14f61f8bd86444709b6b2f9355df271c60

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 00:50

Reported

2024-05-28 00:53

Platform

win10v2004-20240426-en

Max time kernel

93s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31109273" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "531489760" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{F2724A0C-C775-4E5A-A607-21565F03175F}" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2724A0C-C775-4E5A-A607-21565F03175F}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31109273" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2724A0C-C775-4E5A-A607-21565F03175F} C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "531489760" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31109273" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423622410" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "530551530" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2724A0C-C775-4E5A-A607-21565F03175F}\URL = "http://search.htrackmyflight.co/s?source=g-lp0-bb8&uid=223e8677-eabf-4209-a783-1f6e4ba270ff&uc=20180111&ap=appfocus1&i_id=flights__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "530551530" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31109273" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{4B2CF9CE-1C8C-11EF-B541-72707479DC64} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2724A0C-C775-4E5A-A607-21565F03175F}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.htrackmyflight.co/?source=g-lp0-bb8&uid=223e8677-eabf-4209-a783-1f6e4ba270ff&uc=20180111&ap=appfocus1&i_id=flights__1.30" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A
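
The process column above is what separates the hijack from browser housekeeping: IEXPLORE.EXE maintains its own VersionManager, DomainSuggestion, Recovery and GPU keys on every launch, while the sample itself is the writer for SearchScopes\DefaultScope, the new {F2724A0C-C775-4E5A-A607-21565F03175F} scope and Main\Start Page, all pointing at search.htrackmyflight.co with a fixed source/uid/uc/ap/i_id query string. The script below is an added example, not part of the report, that turns that distinction into a rule over rows in the format shown above. The row grammar, the list of keys treated as hijack targets, the iexplore.exe allowlist and the parameter names treated as tracking identifiers are assumptions made for the example; SAMPLE_EVENTS is constructed from the rows on this page.

```python
"""Flag Internet Explorer search-scope and start-page hijacks in sandbox registry events.

Added example; not part of the sandbox report. SAMPLE_EVENTS is constructed from the
registry rows shown above; the row grammar, rule keys and allowlist are assumptions.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Keys that decide where IE searches and what it opens at start. A write to one of
# these by anything other than IE itself is the hijack signal (assumed rule set).
HIJACK_KEY_RE = re.compile(
    r"\\Internet Explorer\\("
    r"Main\\Start Page"
    r"|SearchScopes\\DefaultScope"
    r"|SearchScopes\\\{[0-9A-Fa-f-]+\}\\(URL|SuggestionsURL|DisplayName)"
    r")$"
)
BROWSER_OWNED = {"iexplore.exe"}                        # IE's own binaries, 32- and 64-bit
TRACKING_PARAMS = ("uid", "source", "uc", "ap", "i_id")  # assumed install/affiliate fingerprint

# One sandbox row: "<op> <key>[ = <value>] <process path> <target>"  (assumed grammar)
EVENT_RE = re.compile(
    r"^(?P<op>Set value \(\w+\)|Key created|Key value queried)\s+"
    r"(?P<body>\\REGISTRY\\.*?)\s+"
    r"(?P<proc>[A-Za-z]:\\.*?)\s+"
    r"(?P<target>\S+)$"
)

SAMPLE_EVENTS = [  # constructed from the report rows above
    r'Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{F2724A0C-C775-4E5A-A607-21565F03175F}" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2724A0C-C775-4E5A-A607-21565F03175F}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2724A0C-C775-4E5A-A607-21565F03175F}\URL = "http://search.htrackmyflight.co/s?source=g-lp0-bb8&uid=223e8677-eabf-4209-a783-1f6e4ba270ff&uc=20180111&ap=appfocus1&i_id=flights__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2724A0C-C775-4E5A-A607-21565F03175F}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.htrackmyflight.co/?source=g-lp0-bb8&uid=223e8677-eabf-4209-a783-1f6e4ba270ff&uc=20180111&ap=appfocus1&i_id=flights__1.30" C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31109273" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe N/A',
]


def parse_event(line):
    """Split one sandbox row into op, key, value and writing process; None if it does not parse."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    key, sep, value = m.group("body").partition(" = ")
    return {
        "op": m.group("op"),
        "key": key,
        "value": value.strip('"') if sep else None,
        "proc": m.group("proc"),
    }


def process_name(path):
    """Basename of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(lines):
    """Return one finding per hijack-target key written by a process that is not IE."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or not HIJACK_KEY_RE.search(ev["key"]):
            continue
        if process_name(ev["proc"]) in BROWSER_OWNED:
            continue  # IE maintaining its own keys is expected noise
        finding = {"key": ev["key"], "value": ev["value"],
                   "proc": process_name(ev["proc"]), "host": None, "tracking": {}}
        if ev["value"] and ev["value"].lower().startswith(("http://", "https://")):
            parts = urlsplit(ev["value"])
            finding["host"] = parts.hostname
            qs = parse_qs(parts.query)
            finding["tracking"] = {p: qs[p][0] for p in TRACKING_PARAMS if p in qs}
        findings.append(finding)
    return findings


def summarize(findings):
    """Collapse findings into the pivot points an analyst would extract as IOCs."""
    return {
        "writers": sorted({f["proc"] for f in findings}),
        "search_hosts": sorted({f["host"] for f in findings if f["host"]
                                and f["key"].lower().endswith(("\\url", "\\start page"))}),
        "suggestion_hosts": sorted({f["host"] for f in findings if f["host"]
                                    and f["key"].lower().endswith("\\suggestionsurl")}),
        "tracking_ids": {k: v for f in findings for k, v in f["tracking"].items()},
        "scope_guids": sorted({re.search(r"\{[0-9A-Fa-f-]+\}", f["key"]).group(0)
                               for f in findings if "searchscopes\\{" in f["key"].lower()}),
    }


if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS)
    for f in found:
        print(f["proc"], "->", f["key"].split("\\Internet Explorer\\", 1)[-1], f["host"] or "")
    print(summarize(found))
```

Run against the rows above, every flagged write comes from the sample binary, the search and start-page hosts collapse to search.htrackmyflight.co, the suggestions URL is the stock Yahoo one and the uid/source/ap/i_id values are the same on both URLs, which is what makes them usable as a fingerprint for this distribution campaign rather than just a domain to block.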

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\7b2423829fb8a7fbcd65de01c55b8ffd_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4504 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.htrackmyflight.co udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 ie.search.yahoo.com udp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
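
The table mixes three things: forward DNS queries to the resolver at 8.8.8.8, reverse (in-addr.arpa) lookups of addresses, and the TCP connections actually made. Reading them together is what tells you whether the hijack endpoint was ever reached. The script below is an added example, not part of the report, that parses rows in the format above, decodes the in-addr.arpa names back to addresses and sets the queried names against the connected ones; SAMPLE_ROWS is copied from the table, and the row grammar and the output field names are assumptions made for the example.

```python
"""Triage a sandbox network table: what was resolved, what was contacted, what was
looked up but never reached.

Added example; not part of the sandbox report. SAMPLE_ROWS is copied from the Network
table above; the row grammar and the field names are assumptions for this example.
"""
import ipaddress
import re
from collections import Counter

DNS_PORT = 53
# One row: "<country> <ip>:<port> <domain> <proto>"  (assumed grammar)
ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+(?P<name>\S+)\s+(?P<proto>tcp|udp)$"
)

SAMPLE_ROWS = [  # copied from the Network table above
    "US 8.8.8.8:53 search.htrackmyflight.co udp",
    "US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp",
    "US 8.8.8.8:53 ie.search.yahoo.com udp",
    "IE 212.82.100.137:443 ie.search.yahoo.com tcp",
    "IE 212.82.100.137:443 ie.search.yahoo.com tcp",
    "US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp",
    "US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp",
    "US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp",
    "US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp",
    "US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp",
    "US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp",
    "US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp",
    "US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp",
    "US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp",
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
]


def parse_rows(rows):
    """Parse table rows; header and blank lines simply do not match and are skipped."""
    out = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            out.append(d)
    return out


def ptr_to_ip(name):
    """'137.100.82.212.in-addr.arpa' -> '212.82.100.137'; None for forward-lookup names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))
    ipaddress.ip_address(ip)  # raise on a malformed PTR name instead of emitting a bad IOC
    return ip


def triage(rows):
    """Separate DNS traffic from real connections and cross-reference the two."""
    forward, ptr, resolvers = set(), {}, set()
    connections = Counter()  # (ip, port, proto, name) -> number of rows
    for r in parse_rows(rows):
        if r["port"] == DNS_PORT and r["proto"] == "udp":
            resolvers.add(r["ip"])
            ip = ptr_to_ip(r["name"])
            if ip:
                ptr[r["name"]] = ip
            else:
                forward.add(r["name"])
        else:
            connections[(r["ip"], r["port"], r["proto"], r["name"])] += 1
    connected_names = {name for _, _, _, name in connections}
    seen_ips = {ip for ip, _, _, _ in connections} | resolvers
    return {
        "forward_lookups": sorted(forward),
        "ptr_lookups": ptr,
        "connections": dict(connections),
        # Resolved, but no connection to the name ever logged: dead or sinkholed C2/affiliate host.
        "queried_never_connected": sorted(forward - connected_names),
        # Connected with no logged query: cached resolution or a gap in the capture.
        "connected_without_lookup": sorted(connected_names - forward),
        # Addresses the guest reverse-resolved without a logged connection to them.
        "reverse_resolved_unseen_ips": sorted(ip for ip in ptr.values() if ip not in seen_ips),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_ROWS).items():
        print(f"{k}: {v}")
```

On the rows above the result is the point worth recording in the report: search.htrackmyflight.co was queried but no connection to it appears, so the detonation never reached the hijack endpoint and the only TCP sessions are to ie.search.yahoo.com (twice) and ieonline.microsoft.com, the latter without a logged forward query. Eight of the ten reverse lookups are for addresses that appear nowhere else in the table.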

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 39f991f6e6aecffbe2db5dcecf1f226f
SHA1 b512ccfff1d83f102d75aa8f78df0c7051bd2df0
SHA256 6911a1c252519f8cb3db2a3eead8863ae288e14c699866b2bc580cfc0f3f42a7
SHA512 3d7954ad14d8361a0f9a5939c0b0290bb42fa32ac2da1a809d3985195347898f4f0b1d0c1e33d87a6d14d61c48fe3258d7820a0bece6723b0f6e18eb60307e71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 c3ad1a31fa82a54803eca3e6bf6ef4ec
SHA1 2ba8bfbc7b8db7d238ab12c7ae07a231fd0c6358
SHA256 03371e602b47043b6d71c6a2b64758ed823fb95d72c03ed0c39566985b2a718c
SHA512 a1ebdc5dd3ec792cb26238101852a0b31dd889b900af9dbac1abb8ff40cef3f8cf34a8bacb090a199b307b008616a9abfb47d66ac1914978f1774cc8ca9b2f55

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verAEFD.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GO42234Z\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee