Malware Analysis Report

2024-11-15 05:27

Sample ID 240613-bxcjlayhpg
Target a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118
SHA256 fd0f165de1eada9a8768d05bb01ae386366947c925886208a9fc720267e9de35
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

fd0f165de1eada9a8768d05bb01ae386366947c925886208a9fc720267e9de35

Threat Level: Shows suspicious behavior

The file a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118 was classified as showing suspicious behavior (score 7/10).

Malicious Activity Summary

discovery

Deletes itself

Checks computer location settings

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Modifies Internet Explorer start page

Runs ping.exe

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:31

Reported

2024-06-13 01:33

Platform

win7-20240220-en

Max time kernel

149s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4007BAF-A7D4-424B-BD59-847DC66F8E53}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad3e69c4f9c4b04ba814f9c418aacf8b0000000002000000000010660000000100002000000080f7f223ee196b6fffae71fe6a3678231306a479c6daa4ea1c9e1f37ebb1dfe7000000000e8000000002000020000000c8163c4c8cd37057bd8e8699f0b0f5c9baab59d97c5d7a1f9c8533e3ee7e59cd90000000d2d28970e410755c69e4a24684a5491b4e6de5b48bd76490c982859942575b196eb0e056c8c6d63086d456661272deb58d1cef561bb88380e358c2662fac1d5e525358a454085928eeee0dd3538c2e3c80f638346435fc2d73cc83ca170d9dfc1f22482618bdd42afa866822829dac987ff6ae92766a55727285ac7d831623a3c610d1eae37515169c5c783ca4aebbb04000000024bec34ded175f54fcd69f04f9077c429b8d2b5f8e17bb417a870368854f9f81d096d9bb684a78c22a5472c297f0ab62fa961e74e5cf7e5dce292fc2577ff1a3 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4007BAF-A7D4-424B-BD59-847DC66F8E53} C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4007BAF-A7D4-424B-BD59-847DC66F8E53}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b046706e31bdda01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424404129" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E4007BAF-A7D4-424B-BD59-847DC66F8E53}\URL = "http://search.yourpackagesnow.com/s?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{981681A1-2924-11EF-AD30-660F20EB2E2E} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DOMStorage\yourpackagesnow.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad3e69c4f9c4b04ba814f9c418aacf8b00000000020000000000106600000001000020000000d4a138070d699dd055c76de2601c75d4ec42d23eaa43852d064873d2e8b422f5000000000e80000000020000200000007831aa6ceda38701633a5995e1a342c5a153792bd3655d2411dd14826e26638e200000004f50b15098f53ab72f830b44ed9c1b171f972a23b7a1d786aeb131678f6cd1124000000094d77d361913c3f57b8f1aa688ad80e7ab3d3b87d7d08d37e1b754e485d785b5f29e1e280aaf7f7b005d55e4af26f39aa6bf342f926093db6094afad844bed29 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
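Taken together, the two signatures above record a browser hijack rather than ordinary browser activity: the sample itself (not IEXPLORE.EXE) creates a SearchScopes provider labelled simply "Search", points its URL at search.yourpackagesnow.com with what look like campaign and per-install identifiers in the query string (i_id, ap, uid), and sets the same host as the Start Page. The remaining rows written by IEXPLORE.EXE (DOMStorage, Recovery, TabbedBrowsing, Window_Placement, CompatibilityFlags) are the browser's own state from being launched against that URL and are not indicators on their own. The following is an added example, not part of the sandbox report, that parses lines in the format of the table above and flags the hijack; the event lines are copied from the report, and the allowlists of acceptable search and start-page hosts are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# Two event shapes appear in the sandbox's registry table:
#   Set value (<type>) <key>\<name> = <value> <process> N/A
#   Key created <key> <process> N/A
# Key paths contain spaces ("Internet Explorer"), so the process field is
# recognised by its drive-letter prefix instead of by splitting on spaces.
SET_RE = re.compile(r'^Set value \((\w+)\) (\\REGISTRY\\.+?) = ("[^"]*"|\S+) ([A-Za-z]:\\.+?) N/A$')
KEY_RE = re.compile(r'^Key created (\\REGISTRY\\.+?) ([A-Za-z]:\\.+?) N/A$')

# Images expected to write IE configuration during normal browsing.
BROWSER_IMAGES = {"iexplore.exe"}
# Assumed allowlists for this example; a real deployment would carry the
# organisation's own default search provider and home page.
ALLOWED_SEARCH_HOSTS = {"www.bing.com", "search.yahoo.com", "ie.search.yahoo.com", "www.google.com"}
ALLOWED_START_HOSTS = {"www.msn.com", "go.microsoft.com", "www.microsoft.com"}


def parse_event(line):
    """Return a dict for one registry event line, or None if it does not match either shape."""
    m = SET_RE.match(line)
    if m:
        vtype, fullkey, raw, proc = m.groups()
        key, _, name = fullkey.rpartition("\\")
        return {"op": "set", "type": vtype, "key": key, "name": name,
                "value": raw.strip('"'), "process": proc}
    m = KEY_RE.match(line)
    if m:
        key, proc = m.groups()
        return {"op": "create", "type": None, "key": key, "name": None,
                "value": None, "process": proc}
    return None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def audit(lines):
    """Flag IE start-page and search-provider changes as (severity, reason, detail, writer) tuples."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if not ev or ev["op"] != "set":
            continue
        key_l = ev["key"].lower()
        writer = ev["process"].rsplit("\\", 1)[-1].lower()
        foreign = writer not in BROWSER_IMAGES  # written by something other than the browser
        if key_l.endswith("\\internet explorer\\main") and ev["name"] == "Start Page":
            if ev["value"].lower().startswith("about:"):
                continue
            host = host_of(ev["value"])
            if host not in ALLOWED_START_HOSTS or foreign:
                findings.append(("high", "start page hijack", host, ev["process"]))
        elif "\\internet explorer\\searchscopes\\{" in key_l:
            if ev["name"] in ("URL", "SuggestionsURL"):
                host = host_of(ev["value"])
                if host not in ALLOWED_SEARCH_HOSTS:
                    findings.append(("high", "search scope hijack", host, ev["process"]))
                elif foreign:
                    findings.append(("low", "search scope URL written by non-browser", host, ev["process"]))
            elif ev["name"] == "DisplayName" and foreign:
                # A generic label such as "Search" hides which provider the scope really uses.
                findings.append(("medium", "search scope label set by non-browser", ev["value"], ev["process"]))
    return findings


def hijack_hosts(findings):
    """Hosts worth blocking or hunting for, taken from the high-severity findings."""
    return sorted({detail for sev, _, detail, _ in findings if sev == "high"})


# Event lines copied from the report's signature tables (one benign IE-written row included).
SID = r"\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe"
IE = r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
EVENTS = [
    f'Set value (str) {SID}\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page = "http://search.yourpackagesnow.com/?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d" {SAMPLE} N/A',
    f'Set value (str) {SID}\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{{E4007BAF-A7D4-424B-BD59-847DC66F8E53}}\\URL = "http://search.yourpackagesnow.com/s?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d&query={{searchTerms}}" {SAMPLE} N/A',
    f'Set value (str) {SID}\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{{E4007BAF-A7D4-424B-BD59-847DC66F8E53}}\\DisplayName = "Search" {SAMPLE} N/A',
    f'Set value (str) {SID}\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{{E4007BAF-A7D4-424B-BD59-847DC66F8E53}}\\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={{searchTerms}}" {SAMPLE} N/A',
    f'Set value (int) {SID}\\Software\\Microsoft\\Internet Explorer\\Main\\CompatibilityFlags = "0" {IE} N/A',
    f'Key created {SID}\\Software\\Microsoft\\Internet Explorer\\Main {IE} N/A',
]

if __name__ == "__main__":
    for f in audit(EVENTS):
        print(*f)
    print("hijack hosts:", hijack_hosts(EVENTS and audit(EVENTS)))
```

The writer check matters as much as the host check: a SearchScopes entry pointing at a mainstream engine is still worth a low-severity note when a process other than the browser wrote it, because that is exactly how the Yahoo SuggestionsURL row above was produced.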

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2036 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2672 wrote to memory of 2472 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2036 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2036 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2036 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2036 wrote to memory of 2204 N/A C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 2204 wrote to memory of 1444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2204 wrote to memory of 1444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2204 wrote to memory of 1444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE
PID 2204 wrote to memory of 1444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.yourpackagesnow.com/?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000
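The cmd.exe command line above is the routine behind the "Deletes itself" and "Runs ping.exe" signatures: a FOR /L loop retries del /F on the dropper's own path up to ten times, a single-packet PING with a 1000 ms timeout serves as the sleep between attempts (and, because the target is 1.1.1.1 rather than localhost, each sleep is an outbound ICMP echo request), and the loop exits as soon as the file is gone. Note that the command line names C:\Windows\system32\cmd.exe while the recorded image is C:\Windows\SysWOW64\cmd.exe: the 32-bit sample is redirected by WoW64, so detections keyed on the image path must accept both. The following is an added detection example, not part of the sandbox report: it runs over constructed process-creation records built from the process tree above (the explorer.exe parent and its PID 1234 are assumptions) and flags a cmd.exe whose command line deletes its own parent's image.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (the fields a Sysmon Event ID 1 or the sandbox process tree supplies)."""
    pid: int
    ppid: int
    image: str          # image path as recorded; under WoW64 this may be SysWOW64 for a "system32" command line
    parent_image: str
    cmdline: str


# del/erase with optional switches and a quoted or bare target path
DEL_RE = re.compile(r'\b(?:del|erase)\b(?:\s+/[a-z])*\s+(?:"([^"]+)"|(\S+))', re.I)
# sleep substitutes: ping with an explicit packet count, or timeout with a delay
SLEEP_RE = re.compile(r'\b(?:ping(?:\.exe)?\s+[^&|]*?-n\s+\d+|timeout(?:\.exe)?\s+(?:/t\s+)?\d+)', re.I)
LOOP_RE = re.compile(r'\bfor\s+/l\b', re.I)


def detect_self_delete(events):
    """Return one finding per cmd.exe whose command line deletes the image of its own parent."""
    findings = []
    for ev in events:
        if not ev.image.lower().endswith("\\cmd.exe"):
            continue
        targets = [(quoted or bare) for quoted, bare in DEL_RE.findall(ev.cmdline)]
        if not any(t.lower() == ev.parent_image.lower() for t in targets):
            continue  # deleting some other file is routine cleanup, not self-deletion
        indicators = ["parent image deleted"]
        if LOOP_RE.search(ev.cmdline):
            indicators.append("retry loop")
        if SLEEP_RE.search(ev.cmdline):
            indicators.append("sleep via ping/timeout")
        # Corroborate with the process tree: the ping child should hang off this cmd.exe.
        if any(c.ppid == ev.pid and c.image.lower().endswith("\\ping.exe") for c in events):
            indicators.append("ping.exe child observed")
        findings.append({"cmd_pid": ev.pid, "dropper_pid": ev.ppid,
                         "deleted": ev.parent_image, "indicators": indicators})
    return findings


# Constructed records: PIDs 2036/2204/1444 and command lines come from the report's process
# tree; the explorer.exe parent, PID 1234 and the benign cleanup command (PID 3100) are assumed.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe"
EVENTS = [
    ProcEvent(2036, 1234, SAMPLE, r"C:\Windows\explorer.exe", f'"{SAMPLE}"'),
    ProcEvent(2204, 2036, r"C:\Windows\SysWOW64\cmd.exe", SAMPLE,
              f'"C:\\Windows\\system32\\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "{SAMPLE}" >> NUL '
              f'& PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "{SAMPLE}" EXIT'),
    ProcEvent(1444, 2204, r"C:\Windows\SysWOW64\PING.EXE", r"C:\Windows\SysWOW64\cmd.exe",
              "PING 1.1.1.1 -n 1 -w 1000"),
    ProcEvent(3100, 1234, r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe",
              r'"C:\Windows\system32\cmd.exe" /c del /F "C:\Users\Admin\AppData\Local\Temp\scratch.tmp"'),
]

if __name__ == "__main__":
    for f in detect_self_delete(EVENTS):
        print(f)
```

Matching the deleted path against the parent's image, rather than alerting on every del inside cmd.exe, is what keeps this quiet on ordinary cleanup scripts; the loop and ping indicators then raise confidence, and the ping.exe child ties the command line to the "Runs ping.exe" signature without relying on the command line alone.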

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.yourpackagesnow.com udp
US 3.218.80.136:80 search.yourpackagesnow.com tcp
US 3.218.80.136:80 search.yourpackagesnow.com tcp
US 3.218.80.136:80 search.yourpackagesnow.com tcp
US 3.218.80.136:80 search.yourpackagesnow.com tcp
US 3.218.80.136:80 search.yourpackagesnow.com tcp
US 3.218.80.136:80 search.yourpackagesnow.com tcp
US 8.8.8.8:53 d3ff8olul1r3ot.cloudfront.net udp
US 3.164.160.139:443 d3ff8olul1r3ot.cloudfront.net tcp
US 3.164.160.139:443 d3ff8olul1r3ot.cloudfront.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 imp.onesearch.org udp
US 8.8.8.8:53 dap2y8k6nefku.cloudfront.net udp
US 34.235.17.157:443 imp.onesearch.org tcp
US 34.235.17.157:443 imp.onesearch.org tcp
FR 52.222.196.176:80 dap2y8k6nefku.cloudfront.net tcp
FR 52.222.196.176:80 dap2y8k6nefku.cloudfront.net tcp
FR 52.222.196.176:80 dap2y8k6nefku.cloudfront.net tcp
FR 52.222.196.176:80 dap2y8k6nefku.cloudfront.net tcp
FR 52.222.196.176:80 dap2y8k6nefku.cloudfront.net tcp
FR 52.222.196.176:80 dap2y8k6nefku.cloudfront.net tcp
FR 52.222.196.176:443 dap2y8k6nefku.cloudfront.net tcp
FR 52.222.196.176:443 dap2y8k6nefku.cloudfront.net tcp
US 8.8.8.8:53 api.openweathermap.org udp
US 8.8.8.8:53 internal_tiles.tiles.ampfeed.com udp
US 8.8.8.8:53 internal_banner.tiles.ampfeed.com udp
NL 37.139.20.5:443 api.openweathermap.org tcp
NL 37.139.20.5:443 api.openweathermap.org tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
BE 104.68.91.91:443 internal_banner.tiles.ampfeed.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 34.235.17.157:443 imp.onesearch.org tcp
US 34.235.17.157:443 imp.onesearch.org tcp
US 34.235.17.157:443 imp.onesearch.org tcp
US 8.8.8.8:53 imp.mt48.net udp
US 34.235.17.157:443 imp.onesearch.org tcp
US 8.8.8.8:53 cdn.45tu1c0.com udp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
BE 104.68.83.229:443 cdn.45tu1c0.com tcp
US 8.8.8.8:53 openweathermap.org udp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
US 34.235.17.157:443 imp.onesearch.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
DE 148.251.136.139:443 openweathermap.org tcp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m01.amazontrust.com udp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
FR 52.222.193.204:80 ocsp.r2m01.amazontrust.com tcp
US 8.8.8.8:53 imp.yourpackagesnow.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar18F4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d7fa255f090db9e3dbb6d76e58c5733
SHA1 78916ba86596893549bc33e75d430fcd2238270a
SHA256 a68481c46089a48d0c84b9ae259ba7a36a4090b8c381769c2a1b1779508a6539
SHA512 6f9c32343f91aa4dc977139319f30026622909f270cf57fa1817901679d4c7a00bfcf797b09994eec6cd29ff5ac04284cadc083000dd8ba8cb959c74b6bd380c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 1a95abde2f069455a8431301350e72b5
SHA1 dd397d0d2754a72e1020adad9f0f67b3ff24e008
SHA256 8646548b2ad751e689242c137c3af60a399c34018cd85f6f2e414c8188140fb4
SHA512 a268c26ece47ba5d97839365fbbc4244f0c5d7b0fb6e11e667a85aa91c36dfb67e70d9608b7e766f5407e82f95c89fd5c31ef64aef8c5066e8181d7d08eb5a77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 069282a1019eefae8b09bc631e08e04e
SHA1 6f0caf517512654467489467f6b0f5deca233937
SHA256 a45e1c75f3baab25b7512011c7115debd863aca78bdeaee12899c2b77957bca2
SHA512 908eb5720ef5f17ef15972f01f5a1eba55d64765c92b0b0e797279890f6c28b13ce6d31eb180fde4fd321f8b7135bc55c0adfba81c99427113a9f4674998389b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4aa104ccda931b5b022c6f285dd585d3
SHA1 0f3e81cda9bd13ed24560e82d6da7bdba4393cea
SHA256 3763fcf33c985975fed6728075d7e0d64c1b2bcc83a733dbe75399813e6e8f3a
SHA512 c48d5c8854daebeed8223ce0a108b51db70526e571802520a7bf69856f8011592b6a692e9fe17502dbb7ff1c0f1e841a34c2676fdf1db3fd6abe44f859b0da70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a702d3271c28a8fe44c7101b1578d0e
SHA1 e9c676f605ddc0f1e64d7ba6c3a5c66a149961c7
SHA256 6078e9e0208444b3de265f21068f9b243b31fbbd732fd06dd939603ea5474101
SHA512 123d4eaf76b8df1a39998c8bf1b6431f520318938745c6e2521593881006d20f724f729083e51ec8ebf6d26a3a96b150b5724808c8bef08d5c2e66095ac5968b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 0bc3d2913aec3ea9983cfdd1cd31a856
SHA1 e8dcc898def847501f2743890022e9b992062438
SHA256 0c81b771365b9047f686b639c41c467e31fb6b4f22e9de717338fdfb77233e65
SHA512 104e713e82a5737571dfb7c48a65a963d558a42be9307762b924268ac5712d2aa411334340fa55f09db1dbf468b8dd0056195067672724b87f3221c2d2bb6fa2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e71542c46d3ac18743eb65c64037520
SHA1 a1133f6f5da6e624a24b0a67d746d029828eba21
SHA256 f0cfbbb44cca3a6fe6ca9661108c57259db210ce99242efc8dfbbf710794466a
SHA512 cddd23a80954dd38e632262584b452bc3b946f0ba26d4265dc3ff559a0b0e26fe9616bc0b5822609207474db16667706a11f6cac48033d213ba30f9216c8afa7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbe42d119eb1dcef09604ed12ad58caa
SHA1 a38e3b7c9c764fcf57dfaa3a29b895a173e9720c
SHA256 31b56674d7ab7e58f2dad575a1481775c2fafb08500cc8e306ab8e6150773cd9
SHA512 4cddbd88fabffb49dae325f883f74b73fdfb84b71a48f23b7ed2ad0074ea2d2660e5188569003203a5d0268ec25f4fe76939ab556ecdb22e9af3ca82cf0cfe10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18193415938d07bc53fd34645a1ad623
SHA1 d1854a6e58169f61d1ca95a951543bf86cc732b4
SHA256 78be54b3d0432ba069c1cfd3148b5d48262564a7276e0bf13aedde734806c4e8
SHA512 09c6149a6a81b47054e0e64ca7d2a5b5fe55a50814cfaec4350d5bbdec74aa9dc3838784529f77435c912ce173a77426cb2131e7a06fdae7f1c6f3c0a645ed36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93f9e31c68c757149c6501e5dce4a5d9
SHA1 1ceadf03b9a6ab61bad31888b0bc8009103e61d2
SHA256 7cdbc1c3e35a45326dd481f9324e017271dbe90addf43004020eefb520d1a3ab
SHA512 2885e200113a97d8f84d38974e680e4364ee6282f5fcc044a29b7e06e834f8cd738214f96ce867fd1f95f8dc51d86cea5694a7e35631763a26c7ec2e361314d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 490366940be39cba0d7f212fcd1ff6cd
SHA1 5851cc451498b8401a92b5f2d6920eff338101cf
SHA256 588f299a6712bc393b50f4123c129223e8e4af4b37d86817d6480c98fa6fb741
SHA512 cee5bb9fbc14316908d5b1f519dd568f24fb6c23691ce19b31ef6d320fd42dc92fd45edca85712051048607aa459cf1e601be6194e2d80ab847f71317124fa13

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\js[2].js

MD5 5ce42757e5a63858713dbde16199d0b4
SHA1 4eeb8da074d963ffbd8bcc7d424bd93da86059e6
SHA256 6877a9390e330e787a17b4cd8321151e6ae671d320d20e4fd892c4a3cf1253ed
SHA512 321995e3dd968609c7c29651b96926819b94e7e902458f206315835627a1bb6a11dba2294744ef857db8dedb877fe9de0a7594eb92cdd8e3019f29f7918fe4fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df4092d12fe46be488e8ea92007d68e1
SHA1 fc71eb0523aec5279748a278243ef0b000903b2e
SHA256 f7aa84ce0d5a53781612c11298ee11bad8d556ebca23f0a123dfd17462e1cf5c
SHA512 0ed4c4eda3545ec8b116bede67d556ed223bff71698501ccb30dfb997436722014f7feb47eda859d0b2f449a309b0f13b6751de3ebe4997c0c874592a3cf0565

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5525893ab70a90e2bdb386c9b938e16e
SHA1 d425b5c00df9209d0f3ce14c30fea3226b9633d6
SHA256 689a187402a894b013553ba707daf500ee39d275d9118d61f8c95edeb4baaa06
SHA512 f3883c3630144426197f5209c5e17edeac856e40f8d85670750420548315c903eac0399cc6f7788717ddc14f3fddee79e654bda38d0b985bad79b0f4971b275d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c7264cdc8e9310810231bd5eb6298dc
SHA1 875a9a3be5a4ca541727c76144e74856764ac8d2
SHA256 bd9aaa296b26cef19cb827f36699c79917a6b673d0711124206ae3afe6500109
SHA512 789a9b3017dae4d4c46aeb69d7869b75265ea88d9bb876b7b9bba826295c828c8abaf9632ea3cfc88c8593d5650db04d4546ff95352baf8ba26818328f7e42a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786

MD5 e7aba754b34d0b13918586be2ca29998
SHA1 ede4184f647c491a827e92d74e49a980de6c99ef
SHA256 23efc97bb002d15a2a3f4edb655d13a17e88dfa3e398fbab455ab234ac81db74
SHA512 384dee08298cdc063c1a0bba572d864a38f4bdd62e4e96c6818a05c99c3e62fd483a462ee3f5514977d8be11cf7182ee6c9352f83241504a7c2d55b228de7e93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ceb5cce93a8d4d31e03530dbf6ab234
SHA1 3c3fd9b73fff2e6b65079e9b2c54d689780e233b
SHA256 9915bb599ec3da043d1c6d666ed3a06e353aabb53b4fee1b775cc7e01fa73afd
SHA512 ca68a46f69a6b52ed7ff3426c91096118c9cbe3c43a6404f7a4f2c9b37b0bec42fc7a4736e909a15b4122ac667747b52afefc07e278bdc50a1f8425bad561228

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 868f317ba01c4eb0bbc6f6fe9dc81dc8
SHA1 5838e287d1f22c05e578c22728340631b9a75e89
SHA256 9ba90a4de722214b51f13e74448b059f1ce0dd44fe4adbb3b9c72a22f41e9d6f
SHA512 6531296202867256b3d203b94061926add7868e5617d97f05ef340df6dff001678f2235f8d8ae4186a83f6d56ce458f2707377a5c2222cdd4c5b13f0e84b1071

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 d83d6487dcad0b0879703505cc5b57f1
SHA1 6fb675be1ea7a9300d6c5f02b0153aa50448c310
SHA256 ab88dbd445477b770e6f12485bdfd1afea682157a83ae7b8204d9dbb6f571dfd
SHA512 f61e57927f5024efb5d529f8fe8897596f408e3bb65e70222acee717b7bbaca7e8367e5842407f8b158bd7dff8483e66da5b76b5a47690307edc6bb91abaf52b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 d37e35a7e7069288e4328c16f58d0a56
SHA1 893264a73cbee2d39daa9693a7f5996ad3c6f584
SHA256 2f8d06c9e09f64a30b111e6180d2d94d3f9e36eb9232c540278f1654f038008c
SHA512 db4932779429e3cc64b863d0cd7bfb33a9020bfb7fbc9192ffaa369cb59bcf483d72465ffc6d52cf00f19006657bf5b797400bfb44cb4f631e00340b5291c408

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 0c3e59c96836b5ff39711c3af100898d
SHA1 6686d18b5aedefa9c5a7f0e6de48e7808d80dee9
SHA256 58e93c11de5130ac47d05ed1fd907fbd74fab0ba9e56b2f479c803d04de65c32
SHA512 80ebe14c011f60aa780a70e3b174f011ba81ed09b5658e1884971070c7e5ba7ec63bd50ac90d0c78b9d2e6ac00400b36760639928004d5dfd26ef54249bf84a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 2a12bb16cf83aafc9e1d6944d9d5b485
SHA1 b76efca2f43110685ef956ebdd60ab234d0f8d8b
SHA256 6fe3faa1a66e0fe57d85320548e3465b74999b4e95ac0d99669629383cb16dba
SHA512 6f3e627fdb5f7db2a8136f229b2e95a093d6aa76af4cd57d47786af170c43c8f41065ff5d3ae27769757b277954dd22ea979fbdb7f158d5de2904d28970d5c0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C

MD5 ca41fa95da748e9aa54a9cbd05d6842c
SHA1 eaeb0aa02162c4b71d8a90c0d5da50d2d282b6de
SHA256 6c76e77f44ae59349a761b628d501fe9b0604736a5a3eabcd1ac0726a2df7b20
SHA512 18018d6f2a8e3916e359012205a694784d310257bdb15ccbe616b261dd2f191a007d663dfa942e2e1eeb9b3ee3b20a668c2e1d99be8184d333e9ee4020fa9933

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 b3a784e2004a341e56b5c716597eda30
SHA1 7c9f25c5db23d6813e3f7769e29b2a18c9f12e3e
SHA256 b7143c92086acc062234d5bb333199d49c08520b1ec0a0d4f3dbbb26514242de
SHA512 764168d9962ab719aa491e483bd3748a5482dadc992b842d834391699c39a351f47a40b3ce39ed02258902a18e8a7c51507a727189467302d364074916223114

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

MD5 d74a2e61f42bcf9313dc432f3a50b263
SHA1 18241a6643e625f4b9e031980cfa87f2a8bf4149
SHA256 4f5c7628efe03b9bacc3e8b2cb92599c9dab8a1c7fe3ed488c699c829f7fc48c
SHA512 460ded7c9c094bac2d595cd644085c283a274be81a6e4eb370d12588f776ae44077bbd2374018705f08a9c49fc66e535671f51122940ed5c9b721f09741da3bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D03E46CD585BBE111C712E6577BC5F07_B82D647113A63312F289CB1E910A9CB3

MD5 9009dd0a494cccab32589d0ffa63628f
SHA1 fd3e95e2dc9e5435f47a7a9a986abe2c6a8ed172
SHA256 5e8697e86562d3b81d51fa07354798c114991ea5893aae7fdc09b2c834d7d6e2
SHA512 e6fc92e46697d8fd3192eb6e30485962de9baddeeb47c7420393966e9320fe3c696b43fd38119360a8b47739c844baa33645638195cdf727d8d2ee94c443e329

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\favicon[2].ico

MD5 504432c83a7a355782213f5aa620b13f
SHA1 faba34469d9f116310c066caf098ecf9441147f1
SHA256 df4276e18285a076a1a8060047fbb08e1066db2b9180863ec14a055a0c8e33f1
SHA512 314bb976aea202324fcb2769fdd12711501423170d4c19cd9e45a1d12ccb20e5d288bb19e2d9e8fd876916e799839d0bd51df9955d40a0ca07a2b47c2dbefa9c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat

MD5 aa7aae7cbd32606a86221e7e98831453
SHA1 a5c648806a98cfc871aaf732d81df257a5c04d86
SHA256 488adb5c098e02418ac5883fb9d6b1af7e671b2d4c1118ba2c660b6fc557c35c
SHA512 c865936b62ac4113cda6685bc25faadcb8ce138fc03573a2f1f8a86f21a2462fb93e721ad893a52f1a9f216377dc57c5dea9abed9222f3128a782c2af40d2ed2

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8IC826DL.txt

MD5 c74cb0fedc333f81141c72ebcfdba5dd
SHA1 5ca6d4b11140367895a3db4f85717061351d2003
SHA256 04631e88d5e9ce21f30c2af4c538b340936c2ca8b7b6c9e705c52ee41f335a0c
SHA512 968a86381a2dfbf32f64de9984cff274e5d790f5674142c89f9ec0f9bfa2579798f7b412ca80143863589add8c47c5e4fef111e88abf6b03eb27cec5ad1bdbfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95c0b8f61139c23283ce70373de1a05a
SHA1 34564dcc24499da33dbb494ac55ecb3044b52288
SHA256 a377272cf9ffb5cefb8114f276fe042fef5c6d35030f8c6a951b491129deefe8
SHA512 f871a5c4e9ab92e2c91cdfaa2e54dffe2c6b101d881079d9579d639b438436e7f78cae20c486d9f7d6a81ae3da98df548b16459a4fcb96ddb90096c3a0b27815

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d61af8e8024fd5a27602915d1db17c7
SHA1 e137151bad8ee349c68abda71439b36f1f1b8b50
SHA256 3f2aa02ea935a702df985208797d96a874de708025f05e8d911dd7b64e4674a1
SHA512 d88d6298d8fad931f82f626ce94ea63ad1a1407c49f6db0eb67dda7eb2b79d4632674d7dc07b9fc8333a53eed036f1a4928a2869b97ec46ac15970167520c386

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 886658aeba7aafdd4e41b4c580f3404d
SHA1 23a73a20f31df7f06a021093166e9888da243617
SHA256 b3e5db068f70901face40c5722934269e15811509964b49fbae89b0a4c73d2bf
SHA512 1474bda42a4ae5aef1d18e5fdbf6b343be0e13e127624c22f4725080dd58bb23a4586f782f8b925a2dad721696d92bf84d61c7af376e1776612e6bf8e261908f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a4f98ce78856c72f5df0915612e04a5
SHA1 22b99fa146daebc6420c257bafd9acde83698914
SHA256 926e75d5968647a5e7644394db3235ce7d537198c32cd82cf38b4a9e3f482d9f
SHA512 53796e4e95d9859c960aca8d80bd15a25307ca2e0a0aa30917d20815709e81f01047fc5871075f05493d89f4e2e5f523a316ae9f137abb7ba5def6877ce11dfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f87a0ccb6e1c12a6931694178fa02499
SHA1 c9a9fc634af921d162aa5103ababf6ebc576098b
SHA256 eba31a1bc97af799a230895bbcfc0968a6f15f9165064aafaf17803dc67c5fdb
SHA512 feb992e80b647ecd41eda01ce91eb58c5dd987734c2eef8ba101ebd40126f836edc2900026691f331884a9204cccc77f49c3afa4ff04530d3dda626d9d131ec7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b266bede0411374b225396c97bb7404
SHA1 6645d832df762a1e0146ba17c147aefa33a5b799
SHA256 6701fc57179626fa30a84214f0a98be325ea48d8532aa651bf0ec2e53c0cf13a
SHA512 c62bfde0045daadd58590d08cb86101b245688b96ae9fe7daeb3863f8d9da1bbeede0393412a0fe0eb7e46ee6a47a232e6f0dc572f1e8a6ec46358594fba8dbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 562ae92f3a38382dc16d59087a3f3bb7
SHA1 79d711b5a0765376c1e92e01459fe7cbfcaaa498
SHA256 1f0b8551b83b23cdb4d536b4cec2531bd23b9dc729eb2f3774f57df5ab3889fa
SHA512 ed018eab8a0465d4dec7e03c31919155567a902e53897124c2ed3afe91fb1bcc72247da139fe5b279f9c339343e98907828b35bc4b35bec1339a666fc6fec655

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95bfb22f5db6bba2a80b85c2677e8566
SHA1 4a5ec6ef818dbce0d368b1a2f2c35ffde4ec2c7a
SHA256 a2927995982b92fbcdb0d243aa77b88188f3a0cfcdd37b1986a66f773051e6f8
SHA512 eb6818d67720704aedc425c6598847907cd2a428bd2291b528bd0aafa4064449c76dbe64ee9248d54edc6f4b840ce109f9dc1be8f1815cde5ee9a8b456ca9dc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85c49695798aedde4b5d3ff02b2122b0
SHA1 d449750618ac59752edbbcc0e8116f59e31c6ecd
SHA256 0b7d83beb14c106f20b19f539b0a593ae4ca18384962a7a2ba5de0fd8cbd1d60
SHA512 b98374d76da22acaab62b26570388ac96afb48bfbc3e17d89c9c991ea983dd5b06360743f09d1e5769a0b26673e73986986f1ae3a31f094abe4a8c9beccf5ab8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35f63662873b70b37e066580ab0679cc
SHA1 e445734dc50822e607757f13002cdeee7f4c3955
SHA256 583d7d476159084bb8872a252be1205ab9318c80aafc417b1ec165d698daef6a
SHA512 7b15d6544ef013424964e8791ccbae27ef642b5ce16b72cbd67d3dbddb8deccbb2a28c7577a8698d0856550c2bb1c2c8d99a886e8c5271223f2f0cf5076422c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e8c71a81038e7696bb36ea89358c067
SHA1 8e7c65d8ff5b7adff005230bdf2c4d9d18f0e40c
SHA256 31d1e3c1f9113ff06001eb8a82620af293a8963af6ebe582e02bcc4d6f5e7bf9
SHA512 f5fff6fa34d730edbe2cd8dd0ed56bb0530d3afa807aad59d808b0fa03da5a23d25adb169caca39899e9e1b99584b65ee94b0588f11561a8a5a178420d5afa93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 0fb2daf9b7bd0927cf9be26f6d99e575
SHA1 e1c2e0600e72f4133c98c69e9c3e48e752e68d91
SHA256 dd0bf97b511e5a67569519b586ede7829fb958fb4f5baedd58195f85a06a2124
SHA512 e5c7ab0ac84fb0cb52b7941bd99123fbc52363a022d6344f71f2896e1222facf5f5a1fb9883638e931a916cfb56712411c04ae684a413a07a0cea4389a9927eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 902460f90f906de7dba47a2720c7797f
SHA1 a324939f8479b2330686d944161712dc52cdf539
SHA256 fdd53f420a0e6887d5a8674c101ee43dfc27ffc67a094e9f248087b8afbb1c99
SHA512 b378612c0a9065d63b1a72fac8550e33d7447da59418eb7df6cf6f2722f521de861ca26ea2ac481a989d2faf0b88818c4c42e2458b1f25ab7b3f7fc308f2ddae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be741fe379441a36c8934630137fe4cd
SHA1 680021bf82862fd678687e028170340938f6b906
SHA256 332f599942e216d84fca512dbde53c54dd4e85bf94925efecf7fa9d7db789702
SHA512 58e1ecdfbcf56892a73a7fdf0486c381edd66d897f37cc031d25cba8b3a596a994e5e73d8b21fb0ef0f302892f982839467ca50936d4df040b773e88ad0ed3fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbbe6e447153aad6d964963339b2c058
SHA1 8c7af5af604228e77284275b5fe89126af3754eb
SHA256 9dfbe2a4246b6d9f1aba82876d0afc5b3fa0630e5cbae537b96a541017358c8c
SHA512 e81391059594d28ac835a60ecb64cdcbbaeb29884fae2fcd7bf4f24db93005d14d0237f3bf660556716838db4e152da0c8faf7683aed5744cb29f18d4f0c2f46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74a5f659a2d2b2c8be1e7a7f8cd943bf
SHA1 d0744767dbdaed1aa05b4955932d189501dc231a
SHA256 5b1c1ec03e58e0c330f4ca946b15650e47e55536ad4694bcd740bf2f361e7d0c
SHA512 42d17a8a3587f12578592d0702af42e3980b57de148d5ed8f89d755f20e157d8afbfdd1823b7c3f19f0a390efcc9f4f008ad47a642b6f7ccdd9bce73191a26b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bab63b9088aef738045d1f8472fbc4d
SHA1 7a79c06480783d6e149f976e1b06ad8fe0fa0b61
SHA256 7828ecba85f03042dc619914bff69b60fc6d9552adad015d0f5915e5efa99e47
SHA512 c3ec6b815a02640fab4cb930d1fa60f2a4728e3cd3b00df4a9733433a5df464fed64602149155ef6c7e63fa67d25d4c76691ede3e273cf1d418d12915cb8400f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41b0f970e6b7c629849ef18a537545ed
SHA1 7371f8001f6d096a376634283d111394b8e70b56
SHA256 5d077175633cd38e12500430ecaae5d636775f9a66c53bfe2aa2901782851807
SHA512 f062873405012c2087ded83fd2e01c1d42603339fcc2b9ce18b4fdfc78d662482b025ae82ce4c11e03c6064832802cfabd066bcd4515f1585244f1bda6568a2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9b775bb43613d2c58e0f5664a65bc8cc
SHA1 35d789a38eafe3e9b9d190b020ba5681454b49be
SHA256 7b329dd851b9a44c06048d138d93d4bd65d7ffdfdddc167aaa663b8e6f473bd4
SHA512 86c8bf16750ac029c08c8c198cc3f9d4d3c34eb61502e095c10028734d712948169b4fe012897f34529171bc860109419ead7ec34ad9a82c7d3441b3a91b46a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f89685a87cd41dfedb0b1569f63c5a4
SHA1 cc4095e494553295b4a0453ce515a07096eaefaa
SHA256 940f66a9b569ec442c049ce81c53c566e3b3537e7c7ed730d9182a8bc65becaa
SHA512 f69485cd2a2e2772580060163e7f84b635d674c7f2048329ca789cd176aac32d92e83dc3965cd6557946e75087f9b258332c1ef04e08e9fb3c4e5f6e8673f8ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a430edf7241bfdb46e3afeaf4e976670
SHA1 a2c92f3c2ce2fbb2f3e2f06e746f44940874f35b
SHA256 a3ba557be6ba03ca2e4795f812155578021f80a10f5dbf228a37f83b511f8ed0
SHA512 10f7d7c15ab7f22cf0a685559ca806715a52748b61376b37333aaac3fca568164c91b7e15162922d267e23768a252aab14ff9558b7f761c28456213634cab85d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56ef4ff65ba235e60c82ac07497bd4de
SHA1 0f5f2f357c14db88b8639426699964dd0d9aa88a
SHA256 c732604a4e30b33a208e5c33153bac84dc6c8f7d51b67abe1e4f890358b42f10
SHA512 16ec85c28d1fde1554b070c55294563442af15e273961a5d8f8ef7f4ca12b1af7281cb9f1305ca1c37247bcffbd258353da2afbf04ccc88224d0a0a2956af13a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b5eebd4f78f2366ae7eabf73ac54751
SHA1 f4d07fb8d505479039b6ae799f922c847ef5f399
SHA256 3c9839d3fec85656455f30a5481d481b6954b03062e4a5e5293d3ba3dd512cef
SHA512 4577927c2ecc9beef36d1dbae060b500f6fb631cb52e5043b884a0d78fe5441aab44561a0bbb725e73494375a6d011c7fb36482f92cbb628575ce8d69043aa0f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:31

Reported

2024-06-13 01:33

Platform

win10v2004-20240611-en

Max time kernel

93s

Max time network

113s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D093C0F2-4246-4DE9-842C-B4A50E133888}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D093C0F2-4246-4DE9-842C-B4A50E133888}\URL = "http://search.yourpackagesnow.com/s?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31112497" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31112497" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{D093C0F2-4246-4DE9-842C-B4A50E133888}" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1825576451" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1825576451" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425007237" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{986B4E5F-2924-11EF-8383-6A4A723AFC37} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1827764526" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D093C0F2-4246-4DE9-842C-B4A50E133888}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D093C0F2-4246-4DE9-842C-B4A50E133888} C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31112497" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
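The "Modifies Internet Explorer settings" and "Modifies Internet Explorer start page" tables above show the pattern a triage analyst looks for in a search hijacker: the sample itself (not IEXPLORE.EXE) creates a new SearchScopes GUID, points its URL at search.yourpackagesnow.com with campaign/user parameters baked in, makes that GUID the DefaultScope, and sets the same host as the Start Page. The following Python is an added example for this report, not part of the sandbox output: it parses rows in the layout of those tables (operation, registry key, optional value, writing process, target), pulls out the default search scope, the start page and the Geo\Nation locale probe, and flags them when the host is not an expected search provider or the writer is not the browser. ALLOWED_SEARCH_HOSTS and BROWSER_IMAGES are assumed baselines, not something the report states; the sample rows are copied from the tables above.

```python
"""Extract browser search-hijack indicators from sandbox registry rows.

Added example for this report, not part of the sandbox output.  The row
layout (operation, key, optional value, writing process, target) follows the
signature tables above.  ALLOWED_SEARCH_HOSTS and BROWSER_IMAGES are assumed
baselines, not something the report states.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: rows copied from the behavioral2 signature tables above.
SAMPLE_ROWS = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D093C0F2-4246-4DE9-842C-B4A50E133888}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D093C0F2-4246-4DE9-842C-B4A50E133888}\URL = "http://search.yourpackagesnow.com/s?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D093C0F2-4246-4DE9-842C-B4A50E133888}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{D093C0F2-4246-4DE9-842C-B4A50E133888}" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.yourpackagesnow.com/?uc=20180506&i_id=packages__1.30&source=-bb8&ap=appfocus84&uid=b6bf2771-588b-4a1b-a78c-72949bddf77d" C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe N/A
"""

ROW_RE = re.compile(
    r'^(?P<op>Set value \((?P<vtype>\w+)\)|Key created|Key value queried) '
    r'(?P<key>\\REGISTRY\\.*?)'             # key may contain spaces (Control Panel)
    r'(?: = "(?P<value>.*)")?'              # value is present only for "Set value"
    r' (?P<process>[A-Za-z]:\\.*?\.exe) N/A$',
    re.IGNORECASE,
)
SCOPE_RE = re.compile(r'\\SearchScopes\\(\{[0-9A-F-]+\})\\(\w+)$', re.IGNORECASE)

ALLOWED_SEARCH_HOSTS = {"www.bing.com", "ie.search.yahoo.com"}  # assumption
BROWSER_IMAGES = {"iexplore.exe"}                                 # assumption


def parse_rows(text):
    """Parse one signature row per line into dicts; raise on anything unparsed."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append(m.groupdict())
    return rows


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def tracking_params(url):
    """Query parameters other than the search-term placeholder: campaign and user IDs."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items() if k != "query"}


def _judge(kind, url, writer, extra):
    """Build a finding if the host is unexpected or the writer is not the browser."""
    host = (urlsplit(url).hostname or "").lower()
    reasons = []
    if host not in ALLOWED_SEARCH_HOSTS:
        reasons.append(f"host {host!r} is not an expected search provider")
    if writer not in BROWSER_IMAGES:
        reasons.append(f"written by {writer!r}, not by the browser")
    if not reasons:
        return None
    return {"type": kind, "host": host, "writer": writer,
            "tracking": tracking_params(url), "reasons": reasons, **extra}


def find_search_hijack(rows):
    """Return findings for a replaced default search scope, start page, or locale probe."""
    scopes, default_scope, start_page, findings = {}, None, None, []
    for r in rows:
        key, writer = r["key"], image_name(r["process"])
        if r["op"].lower() == "key value queried" and key.lower().endswith(r"\geo\nation"):
            findings.append({"type": "locale_check", "writer": writer, "key": key})
            continue
        if not r["op"].lower().startswith("set value"):
            continue
        m = SCOPE_RE.search(key)
        if m:  # per-GUID scope values: DisplayName, URL, SuggestionsURL
            scope = scopes.setdefault(m.group(1).upper(), {"writer": writer})
            scope[m.group(2)] = r["value"]
        elif key.lower().endswith(r"\searchscopes\defaultscope"):
            default_scope = r["value"].upper()
        elif key.lower().endswith(r"\internet explorer\main\start page"):
            start_page = (r["value"], writer)
    if default_scope in scopes:
        s = scopes[default_scope]
        f = _judge("default_search_provider", s.get("URL", ""), s["writer"],
                   {"scope": default_scope, "display_name": s.get("DisplayName")})
        if f:
            findings.append(f)
    if start_page:
        f = _judge("start_page", *start_page, {})
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    import json
    print(json.dumps(find_search_hijack(parse_rows(SAMPLE_ROWS)), indent=2))
```

Run against the rows above, the default scope and the start page both come back with two reasons (unexpected host and non-browser writer), and the uid/ap/source/i_id parameters are returned separately so they can be pivoted on; the FullScreen write by IEXPLORE.EXE produces nothing, which is the point of checking the writing process rather than the key alone.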

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a35eae0fc6410a91305c80a08a5e4f38_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.yourpackagesnow.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
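The network table above is more useful once the DNS rows are correlated with the TCP rows: search.yourpackagesnow.com is looked up but never connected to in this capture, ie.search.yahoo.com and g.bing.com are looked up and then contacted, and the in-addr.arpa rows are reverse lookups for IPs that mostly match the hosts just contacted. The Python below is an added example for this report, not part of the sandbox output: it parses rows in the table's layout (country, destination, domain, proto), converts PTR names back to addresses, and reports which domains were resolved without a follow-up connection and which PTR queries concern IPs that were actually contacted. The sample rows are a subset copied from the table above; the capture does not say why no connection to the hijack domain was seen, so the script only reports the gap.

```python
"""Correlate sandbox DNS rows with TCP connections.

Added example for this report, not part of the sandbox output.  Row layout
(country, ip:port, domain, proto) follows the Network table above.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of the behavioral2 Network table above.
SAMPLE_NETWORK = """\
Country Destination Domain Proto
US 8.8.8.8:53 search.yourpackagesnow.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
IE 212.82.100.137:443 ie.search.yahoo.com tcp
US 8.8.8.8:53 137.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
"""


def parse_network(text):
    """Parse 'country ip:port domain proto' rows; the header line has no port and is skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or ":" not in parts[1]:
            continue
        country, dest, domain, proto = parts
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto.lower()})
    return rows


def ptr_name_to_ip(name):
    """'137.100.82.212.in-addr.arpa' -> '212.82.100.137'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.ip_address(".".join(reversed(octets))))
    except ValueError:
        return None


def correlate(rows):
    """Split DNS traffic into forward and reverse lookups and match both against TCP flows."""
    queried, ptr_targets = set(), set()
    connected = defaultdict(set)        # domain -> {(ip, port)}
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53:
            ip = ptr_name_to_ip(r["domain"])
            if ip:
                ptr_targets.add(ip)
            else:
                queried.add(r["domain"])
        elif r["proto"] == "tcp":
            connected[r["domain"]].add((r["ip"], r["port"]))
    connected_domains = set(connected)
    connected_ips = {ip for conns in connected.values() for ip, _ in conns}
    return {
        # looked up, but no TCP flow followed in the capture
        "resolved_only": sorted(queried - connected_domains),
        # contacted without a captured lookup (cached or resolved before capture)
        "connected_without_query": sorted(connected_domains - queried),
        "connections": {d: sorted(c) for d, c in connected.items()},
        "ptr_for_contacted_ips": sorted(ptr_targets & connected_ips),
        "ptr_for_other_ips": sorted(ptr_targets - connected_ips),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(correlate(parse_network(SAMPLE_NETWORK)), indent=2))
```

The duplicate ie.search.yahoo.com rows collapse into one (ip, port) tuple, and 2.159.190.20.in-addr.arpa resolves to 20.190.159.2, an address that never appears as a destination, which is why the script lists PTR targets that were and were not contacted separately.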

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E9YVC3IR\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee