Malware Analysis Report

2024-11-15 05:36

Sample ID 240603-l5pt1acb35
Target 9162aff33345313d36c2404aaf1004e0_JaffaCakes118
SHA256 146b2f93904fa04b651d49ca5fa8a0ffc5f073f3b13a8fceaf75384e0efbe4f6
Tags: discovery
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256 146b2f93904fa04b651d49ca5fa8a0ffc5f073f3b13a8fceaf75384e0efbe4f6

Threat Level: Shows suspicious behavior

The file 9162aff33345313d36c2404aaf1004e0_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Deletes itself

Checks computer location settings

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Modifies Internet Explorer start page

Runs ping.exe

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 10:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 10:07

Reported

2024-06-03 10:09

Platform

win7-20240508-en

Max time kernel

149s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

Tags: discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CC00CB1-2191-11EF-86BF-CE57F181EBEB} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A0DF1BF8-99FB-4A68-8AC7-C6F8953BE9BA}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A0DF1BF8-99FB-4A68-8AC7-C6F8953BE9BA}\URL = "http://search.yourpackagesnow.com/s?source=-bb8&uid=5b749699-946a-465d-9ce0-9be7e7e9ca50&uc=20180118&ap=appfocus84&i_id=packages__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A0DF1BF8-99FB-4A68-8AC7-C6F8953BE9BA} C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A0DF1BF8-99FB-4A68-8AC7-C6F8953BE9BA}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707746e39db5da01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000005f9796861d6f38550aaca7f39575eeb24fc36996db8263a6fd8a84c7608670fc000000000e8000000002000020000000d12afe795530bd6b7617486818cc79737c6cf432955b016dbab0a9b73d44dd022000000077258073c9cccdb5f4c1b00e5dcca90e560fd271d150f9efdc450d3a73ac401740000000eb51b09ca3733eb6b74b3f03a7214847c04598e52288f28016711eaca82ba09d7be99f8fcde3e3d5601df4267e17be9674f091c78ee7a05951f30e0f17ee10b6 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423571101" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

Tags: stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?source=-bb8&uid=5b749699-946a-465d-9ce0-9be7e7e9ca50&uc=20180118&ap=appfocus84&i_id=packages__1.30" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2088 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2524 wrote to memory of 2700 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2088 wrote to memory of 620 N/A C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 620 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.yourpackagesnow.com/?source=-bb8&uid=5b749699-946a-465d-9ce0-9be7e7e9ca50&uc=20180118&ap=appfocus84&i_id=packages__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000

Network


Files


MD5 d365ca571df7951d89a326bbe098f6b7
SHA1 749bf5bc4521bb6a7037150e0d4c60bc450270a3
SHA256 690b6d331029f4d15deb3fa774af97b4113f3af47f4e9357a3bf8e1e3259b96e
SHA512 c8e8de23428f1cca0cd85e368e5e87a90741ddd872e400f445e1e41f6cad923e768bf6e5a4937f338fdd28cd536369ef784cb7acdbd5beb3d5e1abf45e44a7e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 a105eb2cd70eba615e02c032911db2e7
SHA1 58ae7a5fed889961cd00aafe6a73b27e157c488d
SHA256 786aafea51285abf2833180de8e3d7116cedf3a63e3135fedc016b24280a1aee
SHA512 627c9151cf1989c7bdbc8c093e06742f72f9d9f73db393eee0f7bce649ea84998cfc953fb11f5dae3b920f67337d43eed0aa7e5b3403de966f5b6f91221f92d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 2138fea79ef81850be2759b0b5eac21f
SHA1 36d6dc39723857974546a0a5ac707e7f6f348e57
SHA256 8e9d06ee4acb581c758727f1ad48303059d6535af9c23f94b4a844e45c5ad452
SHA512 77844d7cf7f8e872be5bcb7f6b1055388b53ae0366a10eb5cf96511a33d5ce4a94fc7c4d355dd2007c9118e8ddfffef147fa9c5412b675016443d2346871d6a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 fc7ac7fd85f45385187abdce93c499ee
SHA1 19b88b7d2c00a50974aab32099a855e797207320
SHA256 210e5f65bf300c67e33600d1ba9cdfec048825323236c7339daa46b643cae437
SHA512 d54b8d9d91230639e0602b65248b9e57ba162fb9a4ddfeed4be965b435ce18327ecd333e0128e164d49366b7706168142b7d033c4262a9d05ecdca17b174da17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 ecea47017e62d10e058b0ceafdc7591c
SHA1 01e09cc1b267da306575689a22983f1be3b43603
SHA256 08e9a5fde5ad192b37929d653910b192e9c895c83b9601916067d1f66c06da27
SHA512 b546a01a3cb051f0c501c46fc883a31069edd9916b6374c9438b19f25166bb21577d1a4b433e0d95afc9a863b05523c7cbda76b94cf196e192e0c7d5645eea2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_B82D647113A63312F289CB1E910A9CB3

MD5 fecbb7b62ae1d31089b4b21ff4de1f37
SHA1 c0a3578591092da9e64b207c01e453fa04f100d9
SHA256 f9c3bd66f9e404a2f04fe249d270e9d3df2b83acc994464520c1329f827c79e9
SHA512 9d10b958bc400063dc3affc740a96ed8e6f15c5c0940d1208dd64da0286a5fcb454b1416a110193985f7ea0c5482bc8e8f23c058f76344965875fd61aa9f6c8f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7my5tn\imagestore.dat

MD5 f483709378b4427a0caaa91b62e5b481
SHA1 9750b04b31e187290ae4833039380f6af205b1af
SHA256 a8c605d9587123b93a84a178257c68a2668a9b3f5afd4f7b64777c277c908953
SHA512 a2a6688bcb017dc6fd8037ab962c879c14f22297bf7feec18cfbe9d780f9c770b2db74616e88afa6f0d31d3eebfa59c1e2b27eea25ba9c0b971557a023a28283

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVBQZB4R\favicon[1].ico

MD5 504432c83a7a355782213f5aa620b13f
SHA1 faba34469d9f116310c066caf098ecf9441147f1
SHA256 df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
SHA512 314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2HVF1SEW.txt

MD5 5ee8e2791ce83363b0b85350e7e094f8
SHA1 e7bed1c2328e45f8719cca9872d77fd2f1814af4
SHA256 d4f8028c0f2deef1a07b23900bf87ce11482cd83d3de3adeccfcba5ec1c38809
SHA512 7aaac011e1a90999447855f106333d7288c1f3b775804f891f11702b6303a5d53ad192f3275475145aeeca0fe2085356e51dd1995f018c52ad957f11fd5c3227

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc7209ad6e3c828ce3c5a7e8d8dde9c2
SHA1 79c85334a67b38c17d0a4b47f7e62254f606dd3e
SHA256 73b28d81815b4a145c91481c3643058facda8239bebb128aad1598bd9dedd548
SHA512 6e5a643df116ba634dbf83fcf0044ca51c509e984e734eaf8b476e1e9a8d12cba5cadde5a6105691dcdf818f3c38dad7cc0dfc6882ec6507a5ed458b9ec3952e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daa4a3980b594c71f2419482d05747a7
SHA1 92ddb3d4ad497fec7dde77f6cbbb395b9123c51c
SHA256 658ee3e03738d4c020dcd9a4f9b6c3a4e1152ca896fc2bc989206407704b0137
SHA512 e034a3310794d47900c9be0cfcfe730dd829b49ecd8c3e9a02e7b2e66dc5c8fdb238c619cbc16208b9aa3edfbe3222cca60982d642d5a09958dd5f5ca1f10be3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56f58da72f8e57913b078cbfc83bf7a8
SHA1 a40e71c3d021df80acc22c06683b7204cc77e316
SHA256 82293941b7c68601e1a0c773c695b8a7eb465a2d7dcbc3d45b5ce4c1aa91802e
SHA512 4864a1d3b15c122e8f1e3b768ceb38059c1a3e60b6cd55432d720586210ef6388d41e30bb9c9d8ce109037b703fdb5ca476b0e06725e30133129595ba7788631

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bd2b2d23bf5f4287b458a901038301e
SHA1 980a1d7d60c82e65d5ef478cade42d152f7306bf
SHA256 e3096f78a7a2593b47764fbae88e5989d95185bfebdb76a642db75812db5f94a
SHA512 609b99d0e6bbf3baca5298541fda3242d6f661007582647e4a99d339b31739cb5fc3bc242d2247f42fa5baee66f164935ff9b4258a8c81157d702c79e5d4c275

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78ae81cabbed1dfbcb6583ca6d361e58
SHA1 41d05d61ab057bf5ca72b87b4842dea6dc6f2679
SHA256 53a249e328329d59cf52fb0c2586e4fa578337d389f590c9e93d4bbde42b2cad
SHA512 7438ecb8914aff92f41aa113dcc13923902365eac5e1bcc50e6fb6cf9c46ac8380c07afa6a3b62143dcd8b407d6c551679dec33910df36ad29ed21c037446495

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f69d04d4e5cf9d83232157a367b0ff9
SHA1 32a2172a625ff3a3c5ac8f70688e19928293a09c
SHA256 efb859e3ae3ea518a0656e3f39879a82316900d5a5f98089b323eb0f6a6857ad
SHA512 e56d907d140f7c2babc59cdd62d1d9a7a69c491a9425919ba1da52b798db8e742e2c451244897ad0079ec48e53aa4300e435f2d747239571283018294862abf5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52b2b6a789777780ccaeafd852fed922
SHA1 fdb51254fb9054ea21bf50d5b00a9af8f3fb86af
SHA256 779770b45385e28529d225821e9d2711c45b2a81777f7f09adf536abfd3ecab9
SHA512 b99019460c6bae4b3d96d382f8ea1a6d9e4b372219e1b35fe2edee5f3032f1218ba589f584fd3b56f1677649260f34212bf8a2fd9afbcbeab7409d96bc5fae46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc8a542882df0d931bab81f6aae5bfb5
SHA1 99ef4752dc6dfc9f6147a2a3c913e1217f0c907e
SHA256 ee352f5aba5bbb10b9a72a68c1803535c744122ce18867539efbb90fae816a12
SHA512 b0df4db488a56e353c7d686bcee4b0978ad1c453d3f7edaf85b804b71cd8aafb3175314256b0953d460c9ce568d086e49f2fb766375065b6532583e5bcd796dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc7095d6224f2eb54bdedbaff9947d22
SHA1 577181f146e8b99cb94c2c4b880cc36ba675bd17
SHA256 227186f1d05ea26b8a4c1ec899218ced3ab0dadafa3908fc4999b7d0eef16952
SHA512 bcd9b58db0731ab02e234c204bba93d83022c2e2f0f17380054524c2a4556c43e047923debf23b0982dc3fb6dfb4b73e091b3afcd107bc4d08adc3fa0462b3cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 277ea3cbba2a901f7bd1fe404d2f4755
SHA1 7808ba94739eec4d04b07746ef7d8e495571126d
SHA256 1db2d32e159f1e3a6fe4e3c57d0c4679d56a3efccd074d43c1b21965983d5ffc
SHA512 f8b1131b48fe95a8b7903f96fbd4811bbfa8e8b4de5d2832eeae31a3b11ec7f3d3603fafca4748e933aeb11121d16f14864c77931d3bf5563dcc81fc08e9cfc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6831e915296c86f48df6dd697e9a9fc8
SHA1 85fd5565dbbf553bb35ef619fce44e82306404ee
SHA256 57ac7089a8b7d1541864bcdcb72d1b5fbf12db3b97f9eb36a6121b4d7a20c0ad
SHA512 ffc1c44c9f4cfc156d508135a4af3fc2109bdc6ee2c20ce182e38a3374545385b2a56526f8c69099b9b8d3604d3e62098553720d99b98004f9e3d00b555f1ee8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a3d9601e17ba9d0ffeddaf18659dca4
SHA1 51466e25425dadc5752abd335a57a871a8c3527e
SHA256 23db42fe2b424f6cb6d924c96aa2f3d55bdaa66c346a62cf96f700e5a1b711df
SHA512 6daf5138b2844051629968bd913ac81bd5936efc0589e93390162d6608965b8675e87c6156f0769c8d0626713bcec6e5e594244a5687772029ad2231023cde80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74b0ebaec9698505d5137fbf8b3be5ef
SHA1 913c9705427f6889011b160a0e78c66dddf814fe
SHA256 6037f99ade3a64356fafb3ecd2024428f256415bf3fca4081538b833e4c5dd5d
SHA512 c0a501efef64be13505cd1d3a3678e35c621693f98fbbde66ddc966378a94cb4d8d683ad2bbb9bbc2a2b40a6ae3ead733b638f2b03db9530b24f944b58eff92c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f17198136463358ef622e9f07d84d28
SHA1 7a05e8e6d0e6032ce80f5d297c225729a14cf7eb
SHA256 29eb6b2228d4e4e29651c6c65cfda151a6e64af1011661926f4adf3a7401c229
SHA512 021627f185aed889928ebf5e7bb62f3047b589f1c3335e344bc505a603b24484805fdb95661fd299b8ad7648616b13951698bc31db05090b356bd1ee96d57deb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fc724f715de34ebfbde364943c14548
SHA1 d94fb99bfc507ff6f49448480886c43ad8152d2f
SHA256 79e2003b51191dad0c0bc4a3b1189b61c4b46be6c224b2933835d8cfb133f1b5
SHA512 32c76f22091a54f492a2b973243088732117ee3c72f1702f7f69eecaeead7bb01abeeb754ab29b8c00d781323790e822bfc1c0464e43fc47449092203bc93c64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ed5ccae32b3aa485406f06e3d22de09
SHA1 bbdd718905570470444ed9581042bef7721e23d8
SHA256 2ce677ceffdd213cb0e3ef37b0470f7224cf23ab9b47d0ba07dca3c567dd9b91
SHA512 4a9e5042129b6b56ef1464b0191651c43316b3d73b57673e1ff636f16e8a12c17144d301f3655e82cac6b64cf85267ccbd35511bf10c2d8756a765740b7100a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53c7be8f364b4720392cab1c0a516225
SHA1 b88adffccca2632f75eff85f85b080ffbcc7d568
SHA256 634e373bf61426a9c0881c692c18947f525845fbbb1608c3a0eadd5cadfa3653
SHA512 2d6f12ea5ec84c521be2d0a081e0db501bb60f41e4a347ec7a1a9c0d996f9f5b679d5baba968c30defb5330af912105abf7fc3be4fb3158f3c5a9bc07fb1e52f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b72159d72f92327d631b21b9d5c3e78
SHA1 37da28c7177ebad2103228d13f18f540d90f9103
SHA256 43b3261f27664af4bab107518fab89a731bb5a2502bb5a1c272f2dd3f49982d8
SHA512 b07133c202ae51010e029b823210204cc6167217a9dbce09a28b0f4e64ef068a738b8171ed5557931bade685f5209fe3fca11754b0d73bb466c3435bc3a2b45c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 10:07

Reported

2024-06-03 10:09

Platform

win10v2004-20240508-en

Max time kernel

135s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{11CB46F3-934A-4E4E-964A-4CBD5A3FC80F}" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110557" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110557" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11CB46F3-934A-4E4E-964A-4CBD5A3FC80F} C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424174208" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11CB46F3-934A-4E4E-964A-4CBD5A3FC80F}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{0C75CC8B-2191-11EF-92F1-D64620966489} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3772264633" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31110557" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11CB46F3-934A-4E4E-964A-4CBD5A3FC80F}\URL = "http://search.yourpackagesnow.com/s?source=-bb8&uid=5b749699-946a-465d-9ce0-9be7e7e9ca50&uc=20180118&ap=appfocus84&i_id=packages__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{11CB46F3-934A-4E4E-964A-4CBD5A3FC80F}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3772264633" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3774139689" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?source=-bb8&uid=5b749699-946a-465d-9ce0-9be7e7e9ca50&uc=20180118&ap=appfocus84&i_id=packages__1.30" C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9162aff33345313d36c2404aaf1004e0_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3652 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.yourpackagesnow.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 e7ed3dfdfc81ed8e5a7156e46a067388
SHA1 7f3c13860a43dc2ba075379341eee9fa4bc70079
SHA256 41e05814fbfd259731f667d36ddcc1aeaa0bd59546a514ea03a90f681004b6d7
SHA512 14d4d01a6fc15476d91a30a8d0698bef051c6b435eaa038216d696036b5c861ad2207695d885e5e8fd5fbe2738756845612082926785a25389067c79ce040465

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

MD5 de792e36504a8fd4a63bf3a40aeb6be1
SHA1 8b87fbbf67127a0c06df488a435697318b8d41fd
SHA256 c8df0dfc878b95fa0fb00ae5913b967ebc1cbf74e507605dde219d1bafc91310
SHA512 b1cb3936246a4ee7a2d10c7629ddd44ec12bdb1f0a48d390ec0a79a393649ac19a0a6e08c961292d65576ab2bcd32f48fd6ce06b6ab0712b9fc6652babc4cd00

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKWDYRX8\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee