Malware Analysis Report

2024-11-15 05:27

Sample ID 240613-byrpxashpm
Target a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118
SHA256 70ee2cd0aacfdefa5ec983e00e24db29188e14425e76b52ce653fce463f5db7c
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

70ee2cd0aacfdefa5ec983e00e24db29188e14425e76b52ce653fce463f5db7c

Threat Level: Shows suspicious behavior

The file a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery

Checks computer location settings

Deletes itself

Checks installed software on the system

Enumerates physical storage devices

Unsigned PE

Modifies Internet Explorer start page

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Runs ping.exe

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:33

Reported

2024-06-13 01:36

Platform

win7-20240611-en

Max time kernel

150s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe"

Signatures

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D28E2CE-0134-4A86-B41E-B46E08F50D63}\URL = "http://search.searchffr.com/s?source=bing-bb8&uid=53416835-1e0c-47af-8148-fa75307a5b41&uc=20180121&ap=appfocus63&i_id=recipes__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D28E2CE-0134-4A86-B41E-B46E08F50D63}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000181e208b0f6a2279c9526af84bc2b22a4726a49c3b504a5fe8f909d41a5510ac000000000e800000000200002000000014f04eacf80aed67db28fb01a0e67c9a63e5f807de23ab2ea5d8ba450d803e402000000099ea0c2d1c9bee25de9efff53f9045e5cbda60dca802afefee15bb8170e868794000000032dfb19653f686e85e68c87541c82969f94d0b9d91214ab167edad57d8e5e9e35480d5bd9463154ba7f3aac7009425319124106c757ee1ca130728d2734f6f02 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424404284" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D28E2CE-0134-4A86-B41E-B46E08F50D63}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3EC6CB1-2924-11EF-B3FC-D2ACEE0A983D} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00c24cd31bdda01 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5D28E2CE-0134-4A86-B41E-B46E08F50D63} C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\searchffr.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchffr.com/?source=bing-bb8&uid=53416835-1e0c-47af-8148-fa75307a5b41&uc=20180121&ap=appfocus63&i_id=recipes__1.30" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2996 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE
PID 2668 wrote to memory of 2652 N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2996 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe C:\Windows\SysWOW64\cmd.exe
PID 1604 wrote to memory of 868 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\PING.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://search.searchffr.com/?source=bing-bb8&uid=53416835-1e0c-47af-8148-fa75307a5b41&uc=20180121&ap=appfocus63&i_id=recipes__1.30

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c FOR /L %V IN (1,1,10) DO del /F "C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe" >> NUL & PING 1.1.1.1 -n 1 -w 1000 > NUL & IF NOT EXIST "C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe" EXIT

C:\Windows\SysWOW64\PING.EXE

PING 1.1.1.1 -n 1 -w 1000

Network


Files

MD5 1aa01b07cd3beb0c4a1884754ece4463
SHA1 5879cab97ee065ce7c5b98466bf5f62cd137c322
SHA256 21c40465e7ca19dda7fa0f14b64be8e6b643dbc5c32c43c826756e8fe64ca098
SHA512 252b228fcb9b13df6e1f43178cf5b97230569a20e0bfeb874563960231d13dd0caceab6037264945babd0e2a1aaf48144659da63dbea0ec151e2e4c60c6ecc23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7912274acab0c85d4c4a4da459dc5a1
SHA1 5448d5bbc0aa233a0489b6e7d5b374a569f61c95
SHA256 972e16676f63fcc83fd34bf3e30c4ec4f7904fab8f13d3679acdf21665153153
SHA512 eb78848773d0580ae4fdd9b4e51a3a72fffa5412da3feee7ade03e6366d57cd7f1bebc81ecbabb5ef727128239de4b8539863c32d68207c0efacbd52c9a62ae8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e2b3aea90f6706ba647689fe0c7473b
SHA1 1b0b2bdd97e8f1d5204f7a7f02d3a84fccca2be6
SHA256 02d41a29232e76a7a1cc8abe3d182bd14e4bdbc20275f867a82951f21e159471
SHA512 9b7f2a604152328515f68f708b95c6e35cce361645d798108c269b617c0217e83a48f9e94fbfd79f4e6bb28092d1573fe7a4c3b3e0bd0acd9e3b7c7b8d6110f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c5f76c990cf6c52b0806c11db37d582
SHA1 5b890db8f0404bba168c75b10e61249f8fb8e1b8
SHA256 fd66da8aa61126c576fa902978e182e87e96f820413d9705d4cd42a27b44e744
SHA512 8b4f677a5c644be14274e896741acb0304bf7f6bf10c69cd3f036ec4c8421251bc2fb0a42ecd03e8d107255b6c5220ba4304bb6f78e078118ac17b2b38f5f5d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c5e9130a2eba2fafcda5209448b7db2
SHA1 9072dbd12b12cb6226efd5100eba0b9b155dbb35
SHA256 9df6b96cc026da1dd46093a6b8e1ea22b3eaab979937c51aec01a65f75b6af85
SHA512 852c1217f1bfd74e575dc4c0d641e8776f3fb0f00155a40468ce402a3c3b097a34602a44e72a8e82736ec11293716ebacca67287510946ca7895c85a9a5999fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6043b342f2bc3ee4eef6eceda15800a0
SHA1 dda45c3c3fff70ecdb5fc7cac8cea79d3f0cf81f
SHA256 41f7229e9a0ef9791aef0e8b181d9a45fcedff99cf0103a2c09248181fb10918
SHA512 288b1e3d870687c5ee094083a5aeef64a735ea14f79e6f1bb129180e83db5c8f579fb7d54aa16af7928cafcaf18aaca99fe6d3c0e7a9d505a44e128172915a08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c27f8347b2235fed1248160bb64bf1bb
SHA1 04dba9a3e6c8373199ed3f24b380caf2a4c6db21
SHA256 c37c3264f7cb676141090f03474c0bb5800b20a8a5436bf06ea71dbb39a7af8e
SHA512 3305f89a22ac339bd8ab1f8e6730634f5b17e48222f326b639fdc2f6303ef4b330d56adbc66949114245289ffb9f78e7a08b78744a480c6bf1021948b259086e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a124fa796f550bf46ca856a6d511e48
SHA1 074142d4656860d20ebd83d03bd215c9816172cf
SHA256 f6a6076f40ba165e2671238c7558aee114add1e3f5a29a0a3b48566c461f8c5b
SHA512 131255d770897959197746aa73d08965ab2e89ffc448e166df53c835a69227ec3affeee4086a1396970b9a52f1afd02f94898f00a5440b12586c85ac88d734e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c69c3f8351f3a0521848ac883033090d
SHA1 7d7088b96b13bd46881f08e321a14bd7c2c62fe9
SHA256 e648ab3a3c20b31c49876467b1d748388f3c30be9fc9640dd222ecc2386d1844
SHA512 8a55497ddd300ff4adee9f46ecfe0dc1bd0eccecde305a45e3e21fa9bf32f252623d3e92d4d02de8c8587e455c54f1f3b4f4b0c2e1b0533eee500912d63cdf9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5fc8dff3e663064cec5efa8a76c3ea8
SHA1 f96d9c7be5cd7860f073fb635d0f241a0d4b7289
SHA256 84a8aceb79c5198ce998aea545eeaff4aa1ba00f5877ae94717b098424619b9d
SHA512 3679c736036dba4398189e2fa84fb0c9c18208b9c32352eabab7e55c3a07b1aa2afe85158edc91d4b37aac880238e50b9ed27cb50298fccd095d4cd0293fd688

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e829c0b54c73885a235c699face551c6
SHA1 b34a4588850837b317af52fb25de6080b549f69d
SHA256 e003049fea7eb458ceb660da7c96320a358b6ba8b826e0cdbfaa18615fcecd27
SHA512 117c43e355762f8c3bd002050b2dbfe92692730eab4475bbf403bc6a8ec7cab21c996f8f0feb9206fb34fcd4457b13a2c99d9323394008f86de8d9a090276a59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 987992560f4ea6c10eb61384725a5ae3
SHA1 d97417fe739aa84092c95dd172b1e1081c28a9fa
SHA256 b6376c5aa2f286725eeb8085c510a8acf204a8d4186feed4d73f98b890f152bc
SHA512 0452648e2f51199f39fdf82f036d276d89453489b05e6fee3e23cf14905dd19dc2b25592acba18132b175a416ef2c2bb22c67533b83d5c249bf3193be01bb55f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc19a760e5187415cc9de75355f0fb9f
SHA1 c9bfa6826991958f3dd4ffab1ee742a9ae87c5bb
SHA256 c800b7bbfc1304e4cf146ece4bfc3cc5ed4da0f98f2e9d1c1b2077acb8d60520
SHA512 f44a3801f74bced5fb145092ac116d3d4c5b1020b6d3d56f08cc666f5c289f439a4cddf3470588dfc432f144bb7cf044251815f40fc850c34ec186402e758044

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0ed9cbc0dd5d261f50c107127efaa50
SHA1 9b78418ef1baa04bc81f28fa1c4326da05eec24d
SHA256 63ff028cb458338600ae52d4edd79e0286199ab5330539c634744a4737b35b2e
SHA512 0236d257485dcbaf0ca6e767d75dce04fbf38090e8ae4bc5563435c5ed1a9c427f0f287d0e73c47cc366dd97acb12517c2b7af11d9353bef4667cb85fff7b2ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d4de0dd10b568e68c8a477ac298b98d
SHA1 c4c73d01cbe1f3dc367c9d07b5b76eb6e1a02f54
SHA256 37c88866ee73d96e43380b3d848c3a9d0ec22d50fb44379642e2270f4e5cd7e2
SHA512 765d954543da236b62f4b09bab848845fe3578ad12087b58427665173fa0d1e9c324b51462fba9971a69d54afb8fcc386a3009d01cd404103ca8e0ed9402814d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e56e03f66d2b709be905d9b35c38074
SHA1 01b765159ca41eed037353cff62872e3a8494c3c
SHA256 aeb5a464886fe351031c2aa0a8198c7a0f3f523f6f46bdf25b9101076af6b82a
SHA512 7eb15b9631885eb8c2ae08e95d4f1ffe643422e579d13c53e40f3142ef2d5524e881017b10b3682a7dee474ccab0434006ef3826d0ab3f9d2c516027beaa08b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db77cc96037b5e4460f4a2801ea5c10a
SHA1 1790ddfcf8aa1e0442058aa9928ceff458093039
SHA256 412e0003dfc5f76eba2e4e3bcb4a44954868421ef92232bf7d3154004dfb42f4
SHA512 3a7a1169767f7fb3e930e512b33fdff75a6defa2729658d3daa5bd0285ecec30740ee4daa22bd23037a16f179e960ef5b12006ac07b31ca22dd5dcc7eaac17d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf5a970cc69ef2852ce669b0e0a50e6c
SHA1 7d29de5345c3b75d7ac0aca657b787c24a5872ae
SHA256 32b7e8f081e7985fc2fd0d6d04107ed7960995bb32ddc9eff82a32ffdd056904
SHA512 888a27037fd92ece1dd5e64560ca7f922c92ddb9405fa6f7e1437c30538ee7fdfd2767d2c2e7092f59d59c85a116d7e0e515c8d726a7e720f1a004b885d24588

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68033e028e2db93045c243688542d994
SHA1 8eb10c70dee1de3f693b47bbd36f3f1ce3e8156b
SHA256 9c1ab3153e3ad558295907e695a5d0b738de62ef9dc6bef5f2fede0ee4bca291
SHA512 2e5b02520392a64ff3fb87897c1f61de832d2b959ee30e91f50ca77ac4accffe7b9c71ec8cc293453e5e64021feb780eb07a9fbb90652334f88086488b850623

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a53a34032fa36f406691e15b4f678817
SHA1 c3769a7f414293aae0e14aa9b7945bdc30d1b457
SHA256 27175e0b96a68bd61e264e0b78e1f909ad3003d401add4caaa57bf19972f2182
SHA512 85ddcae31537bd19945902ab1813300c9f11c2c73624187fbbcc358b3f4f01dc006a3752631f038f6155b826140ebe8a183b7e017b6a5fc710b0d05e823cc155

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:33

Reported

2024-06-13 01:36

Platform

win10v2004-20240508-en

Max time kernel

77s

Max time network

87s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C7E958A7-BE31-4809-9D7D-54FB1E1E745F}\URL = "http://search.searchffr.com/s?source=bing-bb8&uid=53416835-1e0c-47af-8148-fa75307a5b41&uc=20180121&ap=appfocus63&i_id=recipes__1.30&query={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424404290" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C7E958A7-BE31-4809-9D7D-54FB1E1E745F} C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C7E958A7-BE31-4809-9D7D-54FB1E1E745F}\SuggestionsURL = "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope = "{C7E958A7-BE31-4809-9D7D-54FB1E1E745F}" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C7E958A7-BE31-4809-9D7D-54FB1E1E745F}\DisplayName = "Search" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{F1CDFDBF-2924-11EF-A084-5ABC67A14C95} = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.searchffr.com/?source=bing-bb8&uid=53416835-1e0c-47af-8148-fa75307a5b41&uc=20180121&ap=appfocus63&i_id=recipes__1.30" C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\IEXPLORE.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a36094da73cf37782d4f19c1b2683ca7_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\IEXPLORE.EXE

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3732 CREDAT:17410 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 search.searchffr.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 ie.search.yahoo.com udp
US 8.8.8.8:53 ie.search.yahoo.com udp

Files

N/A