Malware Analysis Report

2025-06-16 07:34

Sample ID: 240601-yyg7ssed99
Target: 8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118
SHA256: 8a6175b0c82fc4fb463d548474264e186bd36192ff5680fe8f32b6953053ce2f
Tags: discovery
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10

SHA256: 8a6175b0c82fc4fb463d548474264e186bd36192ff5680fe8f32b6953053ce2f

Threat Level: Shows suspicious behavior

The file 8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Deletes itself

Checks computer location settings

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer start page

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Runs ping.exe

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-01 20:11

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-01 20:11
Reported: 2024-06-01 20:14
Platform: win7-20240221-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe"

Signatures

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A

Checks installed software on the system

Tags: discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F9C00F8D-3EE7-48E7-AA76-4BE651700324} | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchtmp.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000059bb71d7b6295a419e48ac8dffccdd9b000000000200000000001066000000010000200000000c36ee99d22341974c428214a762f37dc901ddc460ff65caac0d1512393b328c000000000e8000000002000020000000f4f844c55637e3ec9939746e472fb2eba9f6c3804451236d01ff7fa9d338dcf220000000e7b23895f54ecc47312fcf396227db3e40e36a480e40b072510567ca6626e19240000000fecb9065ef0400b5dce59c3007110c5da547ffaf6c9bc9fc203a3c7765d0f93d4d3d0315340addf5cb465bd0c28de87e517c98029cd1268bd9d24dfb00e61448 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01eaa0060b4da01 | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F9C00F8D-3EE7-48E7-AA76-4BE651700324}\URL = "http://search.searchtmp.com/s?source=Bing&uid=fb4b22e7-52ad-44f4-be5a-cf2b5f2052fb&uc=20180115&ap=appfocus29&i_id=packages__1.30&query={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26D92C61-2053-11EF-8698-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchtmp.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F9C00F8D-3EE7-48E7-AA76-4BE651700324}\DisplayName = "Search" | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F9C00F8D-3EE7-48E7-AA76-4BE651700324}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434567" | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer start page

Tags: stealer

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchtmp.com/?source=Bing&uid=fb4b22e7-52ad-44f4-be5a-cf2b5f2052fb&uc=20180115&ap=appfocus29&i_id=packages__1.30" | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | N/A

Runs ping.exe

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2820 wrote to memory of 2484 | N/A | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2820 wrote to memory of 2484 | N/A | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2820 wrote to memory of 2484 | N/A | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2820 wrote to memory of 2484 | N/A | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2484 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2484 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2484 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2484 wrote to memory of 2604 | N/A | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2820 wrote to memory of 1008 | N/A | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | C:\Windows\SysWOW64\cmd.exe
PID 2820 wrote to memory of 1008 | N/A | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | C:\Windows\SysWOW64\cmd.exe
PID 2820 wrote to memory of 1008 | N/A | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | C:\Windows\SysWOW64\cmd.exe
PID 2820 wrote to memory of 1008 | N/A | C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe | C:\Windows\SysWOW64\cmd.exe
PID 1008 wrote to memory of 368 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\PING.EXE
PID 1008 wrote to memory of 368 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\PING.EXE
PID 1008 wrote to memory of 368 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\PING.EXE
PID 1008 wrote to memory of 368 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchtmp.com/?source=Bing&uid=fb4b22e7-52ad-44f4-be5a-cf2b5f2052fb&uc=20180115&ap=appfocus29&i_id=packages__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.searchtmp.com udp
US 54.234.234.179:80 search.searchtmp.com tcp
US 54.234.234.179:80 search.searchtmp.com tcp
US 54.234.234.179:80 search.searchtmp.com tcp
US 54.234.234.179:80 search.searchtmp.com tcp
US 54.234.234.179:80 search.searchtmp.com tcp
US 54.234.234.179:80 search.searchtmp.com tcp
US 8.8.8.8:53 d3ff8olul1r3ot.cloudfront.net udp
GB 18.164.66.220:443 d3ff8olul1r3ot.cloudfront.net tcp
GB 18.164.66.220:443 d3ff8olul1r3ot.cloudfront.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 imp.onesearch.org udp
US 54.158.195.25:443 imp.onesearch.org tcp
US 54.158.195.25:443 imp.onesearch.org tcp
US 8.8.8.8:53 dap2y8k6nefku.cloudfront.net udp
GB 18.164.66.117:443 dap2y8k6nefku.cloudfront.net tcp
GB 18.164.66.117:443 dap2y8k6nefku.cloudfront.net tcp
GB 18.164.66.117:80 dap2y8k6nefku.cloudfront.net tcp
GB 18.164.66.117:80 dap2y8k6nefku.cloudfront.net tcp
GB 18.164.66.117:80 dap2y8k6nefku.cloudfront.net tcp
GB 18.164.66.117:80 dap2y8k6nefku.cloudfront.net tcp
US 8.8.8.8:53 api.openweathermap.org udp
NL 37.139.1.159:443 api.openweathermap.org tcp
NL 37.139.1.159:443 api.openweathermap.org tcp
US 8.8.8.8:53 internal_tiles.tiles.ampfeed.com udp
US 8.8.8.8:53 internal_banner.tiles.ampfeed.com udp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 analytics.google.com udp
GB 142.250.187.206:443 analytics.google.com tcp
GB 142.250.187.206:443 analytics.google.com tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
BE 74.125.71.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
US 54.158.195.25:443 imp.onesearch.org tcp
US 54.158.195.25:443 imp.onesearch.org tcp
US 54.158.195.25:443 imp.onesearch.org tcp
US 54.158.195.25:443 imp.onesearch.org tcp
US 8.8.8.8:53 imp.mt48.net udp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
BE 104.68.83.229:443 imp.mt48.net tcp
US 8.8.8.8:53 cdn.45tu1c0.com udp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 54.158.195.25:443 imp.onesearch.org tcp
US 8.8.8.8:53 imp.searchtmp.com udp
US 8.8.8.8:53 openweathermap.org udp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
GB 143.204.67.183:80 ocsp.r2m01.amazontrust.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd2a5ece47d7059b67fac84d3ac3cd70
SHA1 0683b85ac818ce0b3f6deded01fb11568affeb0c
SHA256 a8bbddbd4b81c7a2ddcedf5811b33c98d6830c908fd997306de4c3689ff28ec8
SHA512 63e83f2e51503997f19ba4390754ebc7f3a70922b841110db78dcfb459f85e752f408a774bfd208a087783a8c1f0699606e8299d609d7d1be8565e2366920a41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bcc1623afa65007382a0198b1e93bf7
SHA1 ed00437047f6b33a323152125ae9ffc313f074ae
SHA256 75e311df04e1cdd831e82eb8c5cc95e938bb65e7bb1db46615a7562095a56b26
SHA512 982487d0a27730dcb6e48d6c73e813d23b1470a584405958cbe909df5622ca115cd9a565561e92cfd7eba7d4774c687ce0f224f989e9d76dd4f9f115d267507f

C:\Users\Admin\AppData\Local\Temp\Tar7DA0.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f47c106ddeef3b99e869fd71626851f1
SHA1 a221f30453eefa52de5cd7165e0fc87fca876dfb
SHA256 eb8296c83e3b7041a50b75e227ef39b2526eee819cdfd4ad0a308bdd6297d66c
SHA512 ee473dbcfed933e44857f6e837139990760fd33098d207db2157f9c021bb05d7ea7e17267dd0d89b523cbf43057d499f064c8d9a3d204574e2b20f90072e5904

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 8426b113b6bbef15c67db9ad32ed31b0
SHA1 360add1bd5e3c33ad20a5f31550b82f0a701302f
SHA256 94b86d695caa411ae3bcda966783d6fff8f6827abe91eedeb92b6167dd83baab
SHA512 8895ab0f4360a567a6cccccd2da39d94b8394bf9fe5e5cd978a4e140e7a67c0e9604c23c4fc9f2568a88f62ccc7449b5d54d8cafe037ba0057fdebf0970e2649

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44abbb7074d7fe557cbabf6867320764
SHA1 a441bb1dfab62855608a993eac4962fe3edcf143
SHA256 d0c6e1ce0bd80392dc6a8f0884129e2d3017754298d5aba2d1940d7eb4307f4f
SHA512 8276ce879a0e6fd2a00ea5eb47a63894087b9d2d081b2d0182ed233a8b2eae34524a1d33e832d7a74b779e583f0b9fe302bfd912be9f35eb5f9b6c1372d773b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba6970a3cbbaa56eb4179289311aa593
SHA1 37c75fafe54fbc69bfb4e4dd6d67f9c23ecc9a6f
SHA256 6ab18aeee1fa5f8dbc8dc08df16b87c316e4f1877db623221ebb7fa553f03b9c
SHA512 38ed084730e9f23df1af6662f41e25860e21768355c15ec73dca77c5d5e4f4ed5cb1ccd175907294ad196e443c1066ec107ae18cc4a54a53027136bb77549519

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44649d2a9fc99cdd96886b5714213433
SHA1 fcf0693baeced512c751ce505daad12f1f05db07
SHA256 dbab0aeee5c39d3656f0406d20be364a75ee7d8e1a0447c7b829d020a6ed3db4
SHA512 af77ce8d78288c170fcb0ce65a50380a2ef256549928330cff326c404fd4fcfabcf92b0d7c7ad960df2a290bf3fcbcd37e7d1d54c77cbad649d7e6249dd50114

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5970552e2ef915371ba34deb0e2bd099
SHA1 837a07640c1f0db9eacac572a0500d5a92bcaa16
SHA256 b0e85eed0ea56c2c5fe3f166144ee4e28d8d5b20855ae96357cb5bc15531b6f2
SHA512 f93be24feebfa2483b64a667da9377996f2e5bd3deec19e1327d2c5631d44d42c76ad96671f2f52b04ff98edb2fd17fdcd100ab8d3c24f87d69bad1926362374

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\js[3].js

MD5 1938f928c356f1e8cd3105682a9f6884
SHA1 a025de363a8dad2035bd9f853d80dd05a0d5eed4
SHA256 a7242df8dfa9491a54902531895b318688c9d50bdd608cb269665e6cd544344b
SHA512 1095de337fcd30fd74e55bc4ed0c508626466c6dc381e313f999fb307969b89616a8e5f7cb79e71caf9e843b8ffc30ea743534c5337cf60333a06061a69332e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 382de4360df0a6ca8e9ab1435bac1935
SHA1 7d3a58655ea2b79449b3d7d7a09d20c0019923a5
SHA256 ccac4ea45e2cf3deea144978a2a1112255f7c4ac23bf6e9d2a413f5d91004ecd
SHA512 ca27f348aafd8c5f62d64c6f7829dc36774d63b9d5db40fccfad809c894dabf31a4678ba290887176d600e6868be9963904e814f733dfe1ecc750c162b59388a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 3984d84eaa7b37456a321a3a70d6ae5e
SHA1 b305548adb7e425d6f757b34f21739fdea609c79
SHA256 74f368c39575b6b612fadb7ef03f238ebc8deae3b17ef5d8315e3b63a4ebad26
SHA512 2353cd9d61137096ffd820daa57741ba3ef16843c599f4c0000a56bd3fb7f1ab71116adb69975484471ca1f8534e863b37c95240700504b0e0ea187bb3222a3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 fe9984c1b73eb3497ba92ad8664d7f16
SHA1 52251a212aca411a017c39d8443f015e0eea1d95
SHA256 84ddd91c7223cb8b7b677d4a506ed28f091248249cfe1cf892ec23717c897a6c
SHA512 4430a37dc8e5cee89af59d7276bca7b1cc9812a6e7a3d5422070bb6302989b5bf152a6d252c93785655524c723547da2c8e897084670ecd14a9ff76e71e8ceca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a424bd74b17950275f74d2faf980a83
SHA1 35c7ddb0f38374dfc8d61c6c5b50c2b74a4300a9
SHA256 21ec72ab78ee5ad521323114d4b63e6a6b315b810f0bd9b6983fca3dbbcad68e
SHA512 dc1f74f9927933d18f4d2ebf8ffd3b37f983cfadbd26cd92904ae1bcf6fc140bd161c32c36e4962ef2b4c90bc38269f66fd0633d2b29a34d4e27401d1731add0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61e950f34666215bdf6725f0abf90242
SHA1 ec9d66e05a179d39819907233ccf044643aedabc
SHA256 098bb202dce0c84b64c139917b76a50312d8f9f1b5a1b152c760e1820f944e1e
SHA512 e096c186a93cbc2609c6b140e231889049fd0988289f72580ed4b898e834ca4104bb85a2122371f1419bb03bd61cd1ed4677f8686937e850d0b268df59ec3260

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f4b78f6b62ca6fee55dc045b9435efa
SHA1 e3b74cb942d99fd0f6956369d29d46ec84b36e6a
SHA256 01d19f5dfd0dac053a1fc8fe500b8da192454245dd900d9809287e713fb1aae8
SHA512 59bd0963fd16b7f1b778e5bd2a03e58a4ab341268b830dbbb8d9771e7cab9da9d74732a5fb898334710244802e3c4662681c2c2e235f279d27ea0cf8a132fd05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a5be68fce9a1e3b1144247bd38ddbe1
SHA1 75792231fd5bedb625fae36a4680f3ce1d06f1f4
SHA256 e3aadc6ed2da334f01d5332c9d861b194ac4da195cb14b1f145fb4d343967582
SHA512 2f034ae60b3d7fdd404c59c1222ac08c2103974755887e2011147d4c769b36a20e403ec14d3b52d4f1150c70d884355dffde89bce67079cf474963b452542992

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V24LG13R.txt

MD5 466a9bc0b5fc1f43ff7b7addfe85aa81
SHA1 f41e68c7011b5c90e0ff45a835b3fd944c312aa7
SHA256 ba51836898fd36d7fa9e3192dd7ca488f6beb77e43727baddb23aaeb6bb9405e
SHA512 656bf72f1a7bd0170ddfc2f74eef2a7b0649c2ab6f3c1ae6aba5a28ef94051ff0d590710c08842eea69f937ea70336dfce1fb019e954e41e099fb03cf96a7706

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb2e6b463b03f2672777f9bf7bb9cf38
SHA1 66b6de023c1beb3b4bcfba09a2d6d7d983f88e46
SHA256 5df58b49ceee528eee816ec53712e69e8d94f5338af52c337a0d92dc1c81a8f9
SHA512 15b5c9c118b3e46f28b83b8cf9ec64d3a2292112aad1036a1e17f2f2653ecdf01c9c2fc8b2085453676db8638bdaa86f28d06ea162395a535304db3699ec5148

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 647a333ea7f32df5850b9dd51fc0538e
SHA1 d5e52c94293e5b890e24f27ba1202834ce808368
SHA256 487bb16dac61477524b305ffec7d50183bbe934d5d88125c960ec67856190001
SHA512 2137b39448f250e562a6bf37d90b2a8ca271da1b754a3e97b8e92313ac0200629f2f578470a4e665e5c7a3f3a62a856f420e87f2d9894f78109576fe371cbee1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af2dfd096da78c3fc3ff2246d8821df0
SHA1 f668f3374f75f055c9747c46a2018935a14b4192
SHA256 851428ab8de3fad605eff7284c743539363c97326400fe78b859f4c739b84ea1
SHA512 bc5a7f017047d11321fae86b7800dee26043d412d4dabaef9725c531c659bf6a43d0e39d20a90ece11cc08b33df0413cb6bd1ce311569c17db152f870d6bb00f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 e277c4a8ad7f9220fe6bc9e35d357151
SHA1 b3600aded08c74b881e5e7dfced523ccee3b82fe
SHA256 c076dc5e3038e84ed13947ff76b39a9ba83013af651d70d776e56e0df2d2b579
SHA512 f8f9b0519c17b1f5985e21b9ea6da9c2741e3b5a5b93ed51c2677f242bb37ae7c6095a2bbae9bbd3150ac2f232f491e09a4de0b2cf6089a7c7a1034b905a671f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 937b7e1d66e1351f67adee906ddb580b
SHA1 db2d3d911ddd29b4a651c456670b4eec20700ca1
SHA256 39b344d1d63f82f44e247870811fb97569d1cac07273b4f326e7e2f878219501
SHA512 ca4c0d84457fb2808f8637c1486f3e5fbcddb56128dae830c13c9e09b3d9a0bd7b18caa7fe5650417391bc60fa53971826160bac0b89d00c008f1459f4f811e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 da6c269876d789bc3471927903053880
SHA1 d80cff674a4a2df8caf60436ac93a5584624d7f8
SHA256 ffbae358c0a4c7cb478366ee8d738c65b46fbc4512e2a48424d10c0731628776
SHA512 4ca1ee9b48abb4b45bdb727062dc04e9462447710650a2313c2e4159faf6484df848564513975d4fed7bfc85336454d8d79626ac1514088951a99bfc2118b125

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 4c8fc9761e5cc4de1295bc5cac7ce792
SHA1 2d7fa4b51b807e79a76905d94592d6f71e56c5a6
SHA256 d925084627410368771cfde6cf65e26c2aca49c02cee373b052771e217742b04
SHA512 e0c98bfe0526afc1c9c88571f53735f9bcc255be9cc266fb9918b28c7d11c4ea5561e28fca1d98911a97dbf83b3f2fc0009cefe673c5934c3c584ec91f06d242

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 fba11e0b3a1d3e7b4ec587921453a5a1
SHA1 ed7f14f1eed6bed78e4a7bc3f087be52982e11d2
SHA256 958da5459dce2e89961de36baabd0991df50f0238cc8936c6567bceaff19155e
SHA512 41754e56eb22f18824f76bc018be2ba7e4d9ef16f620d5ec4792d4a498a06660e4c589e26a2949a7bd5f17297d4ca8aabd556205d694cb41505f3bb4d39b9502

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_B82D647113A63312F289CB1E910A9CB3

MD5 d182192d7d0129524278498a0b3cb659
SHA1 48ad5238b25b7908f766c5140f72c5ef245f7e5d
SHA256 e12012346fd80ef1aef37d80ed5be0ce685f8bcf250dd484a1cc05f963879307
SHA512 687e56b47eaf741d6c560f39c627de4c77e42eb7dbbd757d7165158ef778c8981970d129db4d7595c9c70ea39595de785a3dfc2d6493176da2495055d74421bb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon[1].ico

MD5 504432c83a7a355782213f5aa620b13f
SHA1 faba34469d9f116310c066caf098ecf9441147f1
SHA256 df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
SHA512 314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

MD5 bcf3e1e4e63f47080a1aa08b2b5e9aee
SHA1 f354600a4df230815c9d8aa17ef8630835f97d24
SHA256 cc6e80d979374301604cfc033b8fa0bbe89d7d42b5f11bc541fde1a79eb28e44
SHA512 cbcd1589564f9acf1c96ae28da6c3cf935cbe81ed9d7a2608d0a04f1015cf87052eefc03b28a0d003bd2b442b91d311775825be78a9b6ba8664aa839faea1a9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b730dbef8219376b6966f2cbb6d2261b
SHA1 48d8dc34dae3f0ef89e280fd7c0b1e64d52238d4
SHA256 925645483ab535f1539605a3d0b748169b25535c978da6a76d39f888cf23bd14
SHA512 90457e1e3d93542ac660e9e045b8b35aa4d02629bf05d1ed417b41315f3d83ece012e7afd3066b7986298e72e151f77325611803090d5c42c7bcfdfe240cbbb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e8bf64c225bfedf3d47e838c5d1269f
SHA1 35de5b14b694fab41b4428649ac0da0b339426e1
SHA256 5638aed8329a6222ae05cbe037fac6216014f4b2f4de2bb9881a43f0847f4ddf
SHA512 eeb1ca7ae394d54b4c3e1ba029931a2ad08e759091feaea5e67dd41765f228c6e715efb0f5e71ba292e3dd0bb980d3613c37c0dbc379e36f61e289b30d3fb4b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fbe709cd11a25e691a606f99b8b67e4
SHA1 0305a4dd051abf9ccc47ac5e7fd6bacb235a8727
SHA256 3f00ef34bfcba8676fbee0a3966f4c39f0047e884d07715a2703c7657dfe126d
SHA512 b654f6dc3f7bf907f4b04827d501090113ad4c1c1d44187597c745bd626c6980f3dbea5f0c100b57a7d0bb756d7a306977303dd2fe26f8249385e5fe9ee1e1f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09f9c45e4ec6bfc00d9af716fff154eb
SHA1 0428172a52e7133f02f60d4ebac1348479320b00
SHA256 e33d6ea15fb3f949eee8eecd065ac5a362d80eac70b5c523fa269768f83adda3
SHA512 bf186355580a830e42539ec0b6cd87687a43df8b155fc6e4d877f8775c85a067571ff408447e4cb5e0c8531352a8e16e193cf19e7ba4519bcbdbe526d7beff2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43557ebf192f9e09f966ac27a6a929b4
SHA1 b56aa61d7ff9db4c8c4df3c502da32c151a74afa
SHA256 fc2639167ddccfcd125c3b48fc3a1c0eb6c40dd3a327e374d3559506c0c828c4
SHA512 6d57e03aec9d9b23a02d44cef83d48653d56ab07c1290a35956a57590ce3a346670eb3736ecafe1968db5dab5539faf89ab2d077e4a04e63d8b591fa0c53117c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 872ca2d729b1d4c33b96771513549816
SHA1 950a20613a2c40ff2be1dc259590fc7f5a947880
SHA256 07b74407d7216275aa083b080bf70b61c6ab64c83a8784153f69eda3cffcbc0e
SHA512 8ffbf2860706a7e95900df3a1bb0fba108f1941c206793a01ace6b54645fc9713ede89f224aab2694499f8509e2dad43c03a41410b64f21554a264a2442fc3a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8036c2429ae2e69ed38a698bf5678632
SHA1 a52d0f688644287a93af3b6fa570d24cd64f5c3e
SHA256 08680f5c94db402f370c20565576fa175dab4d4f15f6b3fc0b363dae22002629
SHA512 a5cc1409a11a0ceac49d6fab3c911906b2440de3d0d20460436fac1d1993f6b71bf94bc08e11de0e8492bfd7a735459b037cc93bcc0f5baaa874a7c079f4c536

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5129ce62a923cf1e2f0f70900f278ffd
SHA1 701f68eae04beb7a6542fe2b7ac8f0899de4fc7b
SHA256 92ab386aefe647b5ab87b5421ccc87da544a5798718f976f9160048807cb7cce
SHA512 246c27f51aaeff9561a294812d0eae7f8201c3f32c2a6a1bc8b733efe3be3fc2857745dc7dd84b0d6b873aede0a09e7241c9bce7a6071d9c4c801005f55b8fc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca116269b1cdbf14866841f0132b62d4
SHA1 0e7b4317891c50412e8b8694b11d069ca7bc35ea
SHA256 6cef1b87af02753076f1befc26b8517793e330839afc986283b6e7a729c382fe
SHA512 3f7d926a8e551ed1197e7d76d87dc06f7528dfc1ea8873528ee2468c48f5af8413ea3a30cc42b2e22955f528348acf3ab1f4f2471b8698b2ad595909ca09617e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e9cb4a5eea423e8d9144f12158aa896
SHA1 64351b9dec817617c8a98187c7bbbde7d0517c87
SHA256 d7e4afdaa1ff4b04c4f14e9789dcc87311155a5988ff544008cce993ba0faaa9
SHA512 f7f778c6b1a6e8a660bd8fda8c8064323864d449390ed6b69ffeab81191f1318bd5df3e4005d2789711c0d3a3b7433800fd7941351a0bd16698e0bc201c1fe2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dab66fc11d8dbb9e203c1a53f37f9da
SHA1 d20afde9e9191d23e00cce88483f52f166a9ab4b
SHA256 44804c76aeb1fa58616d787b9c84e4b28bca6d68316a0d03ea22e08a6d347299
SHA512 398a82de0f930cc52f801b730a688f6bdb60d3cb8aa9a7e7ef257455a3778f44a36dff5f6171b00281511b2b7a5db622ff28c8b42c93203c3777e287ec7c70e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74d7175c40ac05b9473a380669c728e8
SHA1 764d677db6f5f3110af73b6878663fac4b2ce6b8
SHA256 fb93dbb0bb4258033c69250e53123cbd0d843f555ab0d0b271dad21c0ccb1df9
SHA512 bdc0dfa5ceeba1b7300c3356bc7ceaf7d0ddf5578a222d47250e0a37d44f666be67f2f4d6b17f582eff82468cb19c88f7aff36527c8f6d95e77ec23afbc76ec2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 eac626112fd2c46f5cfc304bef15e47a
SHA1 99f11e093818c9c99bbf08d72960bfb17c81dd51
SHA256 ec399af2d2636b8c27f6a37332cc2187dfe4ae7b74b6e4b5803d4b7163542c00
SHA512 2bad079b01c17fcb50e87a2ce983020006a93ec4b96a207beb6cd6881f8dfb2fd6a150b44d42ce96ea5217dfa9b1eb4eaaffef5491d2c527c0506f034ab4f47a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e79b770a396868b27e6869c4325a9c3a
SHA1 d902ba893caa3bb59b72ebce8f95c91bfbcce079
SHA256 b144d6f0da1d4707a883ab79bcbb8a6112ec1c47b3aff25c997a582f1f9d8ae4
SHA512 3d36f9f8607ec07089743d87bf0190ddd3437e3721e46d20ee1a9507bf441c01c68703f9fe5a80290fa2d37f26a24ea1736345c65285700e7500793960fa4be2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 395b2332bbf7dd195157f2d8d00ab3a9
SHA1 b86df3d80ae8fadfba752c11ac2caa5e5cbce49c
SHA256 93250e57d87b33c4ad6bdc99a1482183b2f35083c239e582d2614a098fb41e01
SHA512 3650d8bbcf1801216259911bfe1f8f8758cfef7ccb9131a54ca39c9ea9843680586270af15952c8268cbb5ff323f8e5432bfd3c46b54d2a29c387903894bd418

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 301f97bdd126d1afbbe4c7f8942f26b5
SHA1 7ce91f3ecc3b9d38d55bd659e38abfcb60db3603
SHA256 c717e2335010fd0fee342881d3b5ffbcffd293d9f3806106e061f1a6b953fdef
SHA512 4518bc5ffae6369f3e2f2b1634a07049a6ca795e78f7ec50b5a8ffeda317e84f545fd89f664f19ae2f2c286afc71ed614e1e50857b0905153638e59283e7006f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f50613bf2fcc8b49bdbb40cf3ff4a74c
SHA1 046f60cffd14483820cf7c346c86cb59e3971a0a
SHA256 d4c3db3334b83a638722081d059d8727809bf28d9e2eb602b91f225f24049eb1
SHA512 0fc70ff14e5ade516928901fa7025049c60aa9efda36efb499dc4f2cf8040c791606490ef4d64d50d1168dea9da862ce369bb8ce03a3ac1554fd5040558112e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7d936e51c3f8f325c0de54df829bd5e
SHA1 73cd2215b88400e9be16f13f2cb9d3bc536ed55d
SHA256 08e22556433b52ee72e8d740dede2fb58312e6c3836c78b66b223f0b214c50a9
SHA512 ef3b4ca6cddb9dcd69a1897d92c8413fda5942dce20602e207394e3b0e35e5030bd1bf2e5b3df8fecf716b2d260da762eb3903382d1f6240292b8273814b1ad5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d560ad0dbc4eb9e8b1aa50c7658921b
SHA1 e750941eaaeabf4ee36937809e917897b26b4fbe
SHA256 e96b6cc509891ee8b55333102baa48c7546d785fd0dd1ef0354abc266ee4b0b0
SHA512 b3acd5db538097760daf44c738bea1572906f6eb391212cb01c3a901305c92e3a412b5a2fcca9b97a884ec95b97473f616dd0df7c52faecc5ca2a91d20129d82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8358d93b046bd9ee9284f1e07cfcd407
SHA1 5e1cc1b1b2582d3ed7a85ba51024a4f8b6c2bd45
SHA256 f9ffa84106695ae0523c32960a7855837640d7a4d2860f5307e4542eb09a6002
SHA512 8c75c1f72900076ba22bc173e70005392bcd7b4c51d0c3c94a6f1caa9f6e186b68082f19d655bfec06771e25d8a96339e8cd68fc6ef83cd09d0a9aad26bcb9ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 da3a0f804d69bc7459bab5906d3eb954
SHA1 760f17e528b655dd84678026c516f02dc9f0a6f4
SHA256 e12046c1e6a148f779f3143bdc6cbf0c9ee98a7c718cf89de8c51d84e1757d61
SHA512 3d28b8b95742863e03774adbc3242a319162888ee16ab881a8400ec45e0cc46eca2cc8561cc368cb36e67159d8f3595c9b93cd83151a3ab5dd67add597829736

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd7ab88ee603ab4b3a8e9b3776e0ef61
SHA1 4b63f2c9494de225d3918fffa3db560b0c370a3a
SHA256 07e2bad7e4e702df749951e66f0b30717e5f7acdcb4518299b974f347e1494a8
SHA512 c6ea4bb0d10c7dcdae200212848b57294f628b8d50dd473129c7927c5715d4612dee7fdcf9efd97896c49cf0cf856a6b30be37a5f3bede18581e8177b1963f3d

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 20:11

Reported

2024-06-01 20:14

Platform

win10v2004-20240426-en

Max time kernel

92s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BC1623B-30A0-46C5-B20B-9368E0C06258}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4174438379" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4174438379" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4173031880" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BC1623B-30A0-46C5-B20B-9368E0C06258} C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BC1623B-30A0-46C5-B20B-9368E0C06258}\URL = "http://search.searchtmp.com/s?source=Bing&uid=fb4b22e7-52ad-44f4-be5a-cf2b5f2052fb&uc=20180115&ap=appfocus29&i_id=packages__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{5BC1623B-30A0-46C5-B20B-9368E0C06258}" C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31110239" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424037668" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BC1623B-30A0-46C5-B20B-9368E0C06258}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{24438FDC-2053-11EF-B541-46C99DBF4093} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110239" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110239" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31110239" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4173031880" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchtmp.com/?source=Bing&uid=fb4b22e7-52ad-44f4-be5a-cf2b5f2052fb&uc=20180115&ap=appfocus29&i_id=packages__1.30" C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe N/A
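The two registry signature blocks above separate the sample's own writes from Internet Explorer's housekeeping: the process in %Temp% creates a SearchScopes entry whose URL points at search.searchtmp.com, makes it the DefaultScope and rewrites Main\Start Page, while the IEXPLORE.EXE rows (VersionManager, DomainSuggestion, Window_Placement) are ordinary browser state. The Python below is an added example, not part of this report or of the sandbox's tooling: it parses rows in the flattened shape of these tables (the sample rows are constructed from the entries above) and flags writes to the search scopes or start page made by anything other than the browser image. The list of hijack-relevant value paths and the set of trusted browser images are assumptions made for the example.

```python
"""Flag browser-hijack registry writes in flattened sandbox signature rows.

Added example, not part of the original report. Rows follow the shape used by
the Signatures tables:  <op> <registry path>[ = <value>] <process image> <target>
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample rows, copied in shape from the behavioral2 tables.
SID = r"\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000"
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe"
IE64 = r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
SCOPE = r"SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5BC1623B-30A0-46C5-B20B-9368E0C06258}"
SAMPLE_ROWS = [
    rf"Key value queried {SID}\Control Panel\International\Geo\Nation {SAMPLE_EXE} N/A",
    rf'Set value (str) {SID}\{SCOPE}\DisplayName = "Search" {SAMPLE_EXE} N/A',
    rf"Key created {SID}\Software\Microsoft\Internet Explorer\Main\WindowsSearch {IE64} N/A",
    rf'Set value (int) {SID}\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4174438379" {IE32} N/A',
    rf"Key created {SID}\{SCOPE} {SAMPLE_EXE} N/A",
    rf'Set value (str) {SID}\{SCOPE}\URL = "http://search.searchtmp.com/s?source=Bing&uid=fb4b22e7-52ad-44f4-be5a-cf2b5f2052fb&uc=20180115&ap=appfocus29&i_id=packages__1.30&query={{searchTerms}}" {SAMPLE_EXE} N/A',
    rf'Set value (str) {SID}\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{{5BC1623B-30A0-46C5-B20B-9368E0C06258}}" {SAMPLE_EXE} N/A',
    rf"Set value (data) {SID}\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 {IE64} N/A",
    rf'Set value (str) {SID}\{SCOPE}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={{searchTerms}}" {SAMPLE_EXE} N/A',
    rf'Set value (int) {SID}\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" {SAMPLE_EXE} N/A',
    rf'Set value (str) {SID}\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchtmp.com/?source=Bing&uid=fb4b22e7-52ad-44f4-be5a-cf2b5f2052fb&uc=20180115&ap=appfocus29&i_id=packages__1.30" {SAMPLE_EXE} N/A',
]

# Registry paths may contain spaces, so the process field is recognised by its drive prefix.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Key value queried|Set value \((?:str|int|data)\))\s+"
    r"(?P<path>\\REGISTRY\\.+?)"
    r"(?:\s=\s(?P<value>\"(?:[^\"\\]|\\.)*\"|\S+))?"
    r"\s+(?P<process>[A-Za-z]:\\.+?)\s+(?P<target>\S+)$"
)
SID_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-[\d-]+\\", re.IGNORECASE)


@dataclass
class RegEvent:
    op: str
    path: str            # hive path with the \REGISTRY\USER\<SID>\ prefix removed
    value: Optional[str]
    process: str


def parse_row(row: str) -> Optional[RegEvent]:
    """Split one flattened signature row into its fields; None if it does not fit."""
    m = ROW_RE.match(row.strip())
    if m is None:
        return None
    value = m.group("value")
    if value is not None and value.startswith('"') and value.endswith('"'):
        value = value[1:-1].replace('\\"', '"')   # undo the sandbox's quoted rendering
    return RegEvent(m.group("op"), SID_RE.sub("", m.group("path")), value, m.group("process"))


# Values a browser hijacker rewrites (assumption for this example; compared lower-cased).
HIJACK_PREFIXES = (
    "software\\microsoft\\internet explorer\\searchscopes\\",
    "software\\microsoft\\internet explorer\\main\\start page",
    "software\\microsoft\\internet explorer\\main\\default_page_url",
)
# Images expected to touch those values: the browser itself, as observed in the report.
BROWSER_IMAGES = {IE64.lower(), IE32.lower()}


@dataclass
class Finding:
    path: str
    process: str
    value: Optional[str]
    domain: Optional[str]   # host the new value points at, when it is an http(s) URL


def domain_of(value: Optional[str]) -> Optional[str]:
    if not value:
        return None
    url = urlparse(value)
    return url.hostname if url.scheme in ("http", "https") else None


def analyze(rows) -> List[Finding]:
    """Return one Finding per hijack-relevant write made by a non-browser process."""
    findings = []
    for row in rows:
        ev = parse_row(row)
        if ev is None or not ev.op.startswith("Set value"):
            continue                      # reads and key creation carry no new value
        if not ev.path.lower().startswith(HIJACK_PREFIXES):
            continue
        if ev.process.lower() in BROWSER_IMAGES:
            continue                      # IE maintaining its own settings
        findings.append(Finding(ev.path, ev.process, ev.value, domain_of(ev.value)))
    return findings


def hijack_domains(findings) -> List[str]:
    """Distinct hosts the rewritten start page / search scopes now point at."""
    return sorted({f.domain for f in findings if f.domain})


if __name__ == "__main__":
    found = analyze(SAMPLE_ROWS)
    for f in found:
        print(f"{f.process}\n  -> {f.path} = {f.value!r}")
    print("hijack domains:", hijack_domains(found))
```

Run against the constructed rows, this reports five writes by the %Temp% executable (DisplayName, URL, DefaultScope, SuggestionsURL, Start Page) and none by IEXPLORE.EXE, and the extracted hosts give the network indicator worth blocking (search.searchtmp.com) separately from the default Yahoo suggestions endpoint the scope also references. The process column, not the value, is what makes these rows a hijack: the same DefaultScope write by the browser image would be a user choosing a provider.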

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8ba28709ea3af0fd6c1f519cb0b6fa84_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.searchtmp.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 97.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 8.24.18.2.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 54929d49151f3d1deb92d4882fd7f29b
SHA1 74fb1bea4c7ba9b9c69aacab601ad211cc80e12d
SHA256 39e5885ca8868a5612268f987e7007fb20526221c11af4e62426bbab4fdc2141
SHA512 3900823e9765f7cde1d6148c9d9de8079805d30f421728cf675e1c1264440be1a037394edc9c1e0a4497d2658d7897784a96062b6eb1b829ee1245fadb83087d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 13d8175ed1ff67d68a9c89b8f09e32d2
SHA1 9cc4caeb30282be416c4bd61433bc156643f8cfc
SHA256 21e65b5a9708f53710999219f05f9690e74c575dbc9bddf7895cc6da42b3f3cc
SHA512 9faa1282bff3fa4c6a143fd628a4cab56f2e9e2f8e70b43061c49dd32163e92c8a23b6a1ca1c11ae3db23c4345de51904015e08226c2e89b4533177190d46344

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verBEDB.tmp

MD5 1a545d0052b581fbb2ab4c52133846bc
SHA1 62f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256 557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512 bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6DEZ09S4\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee